OAuth 2.0 Credentials
To run a mapping that requires OAuth 2.0 authorization in MapForce, you will need to create a credential of type OAuth 2.0 using the Credentials Manager, fill in the OAuth 2.0 details, and go through a manual authorization process as described below.
The fields associated with an OAuth 2.0 credential object are listed below. To obtain these values, you must first register with the Web service provider (for example, Google API Console, Facebook API, Bitbucket API, and so on).
Authorization Endpoint | Specifies the URI from where MapForce initiates authorization flows. You can obtain this value after registering with the Web service provider. |
Token Endpoint | Specifies the URI from where MapForce initiates token flows. You can obtain this value after registering with the Web service provider. |
Client ID | The identifier of the client application (MapForce, in this case). You can obtain this value after registering with the Web service provider. |
Client secret | The secret associated with the client application. You can obtain this value after registering with the Web service provider. |
Scope | The scope of the client application, if required by the provider. You can obtain this value after registering with the Web service provider. |
Redirection URI | The OAuth 2.0 authorization server needs a URI to which it will send responses. By default, MapForce automatically specifies a URI for communicating with the authorization server.
If the authorization server requires a specific port, select the Specific port check box and enter the relevant port. |
Token Endpoint Authentication | Most OAuth 2.0 authorization servers require that the authorization details be submitted in the POST request header. This is also the value selected by default from the drop-down list.
Some OAuth 2.0 authorization servers accept the authentication details only in the body of the POST request. For such authorization servers, select the value in POST request body from the drop-down list. |
Access token | This is the access token returned by the authorization server. The mapping will execute successfully only if the resource server determines that the access token is correct and valid. |
Refresh token | This is the refresh token returned by the authorization server. It is required when the Access token expires (see above). In rare cases when the access token never expires, this is not necessary. |
After you have filled in the fields above, click Request Access Token to obtain the access token required to run the mapping. The exact authorization process depends on the Web service provider; it typically requires that you manually confirm in a browser window that you grant access to the Web service to determine your identity (for example, your Google account if the mapping calls a Google API). At the end of the process, MapForce displays a confirmation message that the access token has been obtained from the server. Note that the access token will be saved only if you selected the Save encrypted in MFD file check box, as described in Credentials. If you did not select the Save encrypted in MFD file check box, you will need to manually authorize each time when you run the mapping.
The access token may expire after some time; the period after which a token expires depends on the provider of the Web service. Moreover, it may also be the case that the access token was explicitly revoked by the Web service provider. When this happens, the Messages window will display authorization errors when you attempt to preview the mapping. In this case, you will need to click Request Access Token and go through the authorization process again before you can run the mapping.