OAuth enables the adapter to obtain limited access to the service on behalf of a user by orchestrating an approval interaction between the user and the service. This section specifies how the adapter can be configured to authenticate using OAuth.

Configuring the Adapter

The adapter can be configured for OAuth in three ways using the InitiateOAuth property.

Set InitiateOAuth to OFF

In this configuration, the adapter uses the OAuthAccessToken for authorization without initiating the OAuth flow. When the OAuthAccessToken expires, the user must obtain a new OAuthAccessToken.

This configuration is suitable for one-time use or when the OAuthAccessToken has a long life. This is the simplest way of configuring OAuth if the OAuthAccessToken can be obtained using other means. For example, with the help of the API or developer console.

Set InitiateOAuth to REFRESH

The REFRESH configuration does not require user interaction. This configuration is suitable for scenarios where the studio and server are not on the same machine.

The adapter refreshes the OAuthAccessToken when it expires. The adapter stores the new OAuthAccessToken in the OAuthSettingsLocation configured in the data source.

The following connection properties need to be set:

• OAuthRefreshToken
• OAuthClientId
• OAuthClientSecret
• OAuthSettingsLocation

Set InitiateOAuth to GETANDREFRESH

This configuration requires interaction between the adapter, user, and FacebookAds.

The adapter launches the browser to allow the user to log in and grant permissions. Since this configuration requires browser interaction, there are limitations on when this configuration can be used. For example, this configuration cannot be used when the TDV monitor is used to start the server.

The following connection properties need to be set:

• OAuthClientId
• OAuthClientSecret
• CallbackURL
• OAuthSettingsLocation

Configuring a Development Machine

To configure the adapter on a development machine, where the server and studio are running on the same machine, start TDV from a console and set InitiateOAuth to GETANDREFRESH. The resulting OAuthAccessToken is saved in OAuthSettingsLocation.

Configuring a Production Machine

If the imported data source can be used on the target server without additional modifications, copy the settings file to the target server. Note that the OAuthSettingsLocation must not change.

Alternatively, a refresh token can be obtained from FacebookAds and can be provided along with the OAuthClientId and OAuthClientSecret. Getting a refresh token requires experience in using the developer APIs and console of the OAuth provider and the token has to be obtained using the same OAuthClientId and OAuthClientSecret configured in the data source.

If FacebookAds issues a long-lived access token, use the FacebookAds developer API or console to retrieve the OAuthAccessToken.

Configuring OAuth in a Cluster

In a cluster, the data source configuration is synced across the members of the cluster. Set the OAuthSettingsLocation to a file path that is on a shared file system that is accessible to all the members.

Importing/Exporting Archives and Using the Deployment Manager

When the archive contains a data source configured for OAuth and when it is imported or migrated to the target server, the OAuthSettingsLocation is not automatically imported or migrated. The OAuthSettingsLocation needs to be externally migrated or the OAuth flow has to be reinitiated in the target server.