Creating a Custom OAuth App
Azure: Custom OAuth App
You may choose to create a custom OAuth application to authenticate a user account or a service principal.
When to Create a Custom OAuth App
CData embeds OAuth application credentials with CData branding that can be used when connecting via either a desktop application or from a headless machine.
You may choose to use your own OAuth application credentials when you wish to:
- control the branding of the authentication dialog
- control the redirect URI that the application redirects the user to after the user authenticates
- customize the permissions that you are requesting from the user
Creating an OAuth Application
Follow the steps below to obtain the OAuth values for your app.
- Log in to Microsoft Azure Portal.
- In the left-hand navigation pane, select Azure Active Directory then App Registrations and click New registration.
- Enter an app name and set the radio button for the desired tenant setup. When creating a custom OAuth application in Azure Active Directory, you can define if the application is single or multi-tenant in the Supported account types section. If your app is for private use only, selecting "Accounts in this organization directory only" should be sufficient. Otherwise, if you want to distribute your app, choose one of the multi-tenant options.
- Set the Redirect URI to something such as http://localhost:33333, the cmdlet's default. Or, set a different port of your choice and note the exact redirect URI you defined.
- Click Register to register the new app. An application object and service principal are automatically created in your tenant. You will be brought to an app management screen. Note the value in Application (client) ID and, if you selected "Accounts in this organization directory only", the value in Directory (tenant) ID.
- Define the app authentication type by navigating to the Certificates & Secrets section. There are two types of authentication available: using a client secret and using a certificate.
- Option 1 (Azure Service Principal Authentication) - Upload a certificate : In the Certificates & Secrets section, select Upload certificate and select the certificate to upload from your local machine.
- Option 2 (Azure Active Directory User Authentication) - Create a new application secret (AzureServicePrincipal): In the Certificates & Secrets section, select New Client Secret for the app and select its duration. After saving the client secret, the key value is displayed. This value is displayed only once, so make a note of it.
- Select API Permissions and then click Add a permission. If you plan for your app to connect without a user context, select the Application Permissions. If you plan for your app to connect with a user context, select the Delegated permissions.
- You will need to ensure that you have enabled Azure Healthcare APIs > user_impersonation.
- Save your changes.
- If you have selected to use permissions that require admin consent (such as the Application Permissions), you may grant them from the current tenant on the API Permissions page.
Google: Custom OAuth App
You may choose to create a custom OAuth application to authenticate a service account or a user account.
When to Create a Custom OAuth App
CData embeds OAuth application credentials with CData branding that can be used when connecting via either a desktop application or from a headless machine.
You may choose to use your own OAuth Application credentials when you wish to:
- control the branding of the authentication dialog
- control the redirect URI that the application redirects the user to after the user authenticates
- customize the permissions that you are requesting from the user
Create an OAuth Application for User Accounts (OAuth)
If you have not yet enabled the Cloud Healthcare API, follow the steps below:
- Click the hamburger menu in the top-left corner of the page and select APIs and Services > Library.
- Select the Healthcare category from the left-hand navigation, then click Cloud Healthcare API.
- Click ENABLE.
Follow the procedure below to register an app.
- Log into the Google Cloud Console and open a project. Click the hamburger menu in the top-left corner of the page and select APIs and Services.
- Before you can create an OAuth app, you will need to create an OAuth consent screen. If you do not already have an OAuth consent screen set up, select the OAuth consent screen option from the left-hand navigation and complete the form.
- From the APIs & Services page, select Credentials in the left-hand navigation and then click +CREATE CREDENTIALS > OAuth client ID.
- In the Application Type menu, select Web application if you wish to set a custom redirect URI or Desktop application if you don't.
- Name the application and click CREATE.
- If you're creating a web application, click ADD URI under Authorized redirect URIs and specify your desired redirect URI. Make a note of the redirect URI you supplied and click OK.
- A window then appears which displays the application credentials. Note the Your Client ID and Your Client Secret values.
Create an OAuth Application for Service Accounts (OAuthJWT)
If you have not yet enabled the Cloud Healthcare API, follow the steps below:
- Click the hamburger menu in the top-left corner of the page and select APIs and Services > Library.
- Select the Healthcare category from the left-hand navigation, then click Cloud Healthcare API.
- Click ENABLE.
Follow the steps below to create an OAuth application and generate a private key.
- Log into the Google Cloud Console and open a project. Click the hamburger menu in the top-left corner of the page and select APIs and Services.
- Before you can create an OAuth app, you need to create an OAuth consent screen. If you do not already have an OAuth consent screen set up, select the OAuth consent screen option from the left-hand navigation and complete the form.
- From the APIs & Services page, select Credentials in the left-hand navigation and then click +CREATE CREDENTIALS > Service account.
- Specify a service account ID and click CREATE AND CONTINUE.
- Select one or more roles.
- Click CREATE to create the service account.
- From the Credentials page, click the link to the newly-created service account.
- Select the KEYS tab, then click ADD KEY > Create new key. Choose JSON for the key type and then click CREATE to generate and download your key.