Skip to content

Interface: OAuth2Authentication

core.OAuth2Authentication

Authenticate using OAuth2. You must specify the authorization URL, token exchange URL, and scopes here as part of the pack definition. You'll provide the application's client ID and client secret in the pack management UI, so that these can be stored securely.

The API must use a (largely) standards-compliant implementation of OAuth2.

Hierarchy

OAuth2Authentication

Properties

additionalParams

Optional additionalParams: Object

Option custom URL parameters and values that should be included when redirecting the user to the authorizationUrl.

Index signature

▪ [key: string]: any

Defined in

types.ts:406


authorizationUrl

authorizationUrl: string

The URL to which the user will be redirected in order to authorize this pack. This is typically just a base url with no parameters. Coda will append the scope parameter automatically. If the authorization flow requires additional parameters, they may be specified using additionalParams.

Defined in

types.ts:374


endpointDomain

Optional endpointDomain: string

When requiresEndpointUrl is set to true this should be the root domain that all endpoints share. For example, this value would be "example.com" if specific endpoints looked like {custom-subdomain}.example.com.

For packs that make requests to multiple domains (uncommon), this should be the domain within networkDomains that this configuration applies to.

Inherited from

BaseAuthentication.endpointDomain

Defined in

types.ts:247


endpointKey

Optional endpointKey: string

In rare cases, OAuth providers will return the specific API endpoint domain for the user as part of the OAuth token exchange response. If so, this is the property in the OAuth token exchange response JSON body that points to the endpoint.

The endpoint will be saved along with the account and will be available during execution as endpoint.

Defined in

types.ts:416


getConnectionName

Optional getConnectionName: MetadataFormula

A function that is called when a user sets up a new account, that returns a name for the account to label that account in the UI. The users credentials are applied to any fetcher requests that this function makes. Typically, this function makes an API call to an API's "who am I" endpoint and returns a username.

If omitted, or if the function returns an empty value, the account will be labeled with the creating user's Coda username.

Inherited from

BaseAuthentication.getConnectionName

Defined in

types.ts:215


instructionsUrl

Optional instructionsUrl: string

A link to a help article or other page with more instructions about how to set up an account for this pack.

Inherited from

BaseAuthentication.instructionsUrl

Defined in

types.ts:230


nestedResponseKey

Optional nestedResponseKey: string

In rare cases, OAuth providers send back access tokens nested inside another object in their authentication response.

Defined in

types.ts:452


networkDomain

Optional networkDomain: string | string[]

Which domain(s) should get auth credentials, when a pack is configured with multiple domains. Packs configured with only one domain or with requiredsEndpointUrl set to true can omit this.

Using multiple authenticated network domains is uncommon and requires Coda approval.

Inherited from

BaseAuthentication.networkDomain

Defined in

types.ts:261


pkceChallengeMethod

Optional pkceChallengeMethod: "plain" | "S256"

See useProofKeyForCodeExchange

Defined in

types.ts:440


postSetup

Optional postSetup: SetEndpoint[]

One or more setup steps to run after the user has set up the account, before completing installation of the pack. This is not common.

Inherited from

BaseAuthentication.postSetup

Defined in

types.ts:253


requiresEndpointUrl

Optional requiresEndpointUrl: boolean

If true, indicates this has pack has a specific endpoint domain for each account, that is used as the basis of HTTP requests. For example, API requests are made to .example.com rather than example.com. If true, the user will be prompted to provide their specific endpoint domain when creating a new account.

Inherited from

BaseAuthentication.requiresEndpointUrl

Defined in

types.ts:238


scopeDelimiter

Optional scopeDelimiter: " " | "," | ";"

The delimiter to use when joining scopes when generating authorization URLs.

The OAuth2 standard is to use spaces to delimit scopes, and Coda will do that by default. If the API you are using requires a different delimiter, say a comma, specify it here.

Defined in

types.ts:393


scopeParamName

Optional scopeParamName: string

In rare cases, OAuth providers may want the permission scopes in a different query parameter than scope.

Defined in

types.ts:446


scopes

Optional scopes: string[]

Scopes that are required to use this pack.

Each API defines its own list of scopes, or none at all. You should consult the documentation for the API you are connecting to.

Defined in

types.ts:386


tokenPrefix

Optional tokenPrefix: string

A custom prefix to be used when passing the access token in the HTTP Authorization header when making requests. Typically this prefix is Bearer which is what will be used if this value is omitted. However, some services require a different prefix. When sending authenticated requests, a HTTP header of the form Authorization: <tokenPrefix> <token> will be used.

Defined in

types.ts:401


tokenQueryParam

Optional tokenQueryParam: string

In rare cases, OAuth providers ask that a token is passed as a URL parameter rather than an HTTP header. If so, this is the name of the URL query parameter that should contain the token.

Defined in

types.ts:423


tokenUrl

tokenUrl: string

The URL that Coda will hit in order to exchange the temporary code for an access token at the end of the OAuth handshake flow.

Defined in

types.ts:379


type

type: OAuth2

Identifies this as OAuth2 authentication.

Defined in

types.ts:367


useProofKeyForCodeExchange

Optional useProofKeyForCodeExchange: boolean

Option to apply PKCE (Proof Key for Code Exchange) OAuth2 extension. With PKCE extension, a code_challenge parameter and a code_challenge_method parameter will be sent to the authorization page. A code_verifier parameter will be sent to the token exchange API as well.

code_challenge_method defaults to SHA256 and can be configured with pkceChallengeMethod.

See https://datatracker.ietf.org/doc/html/rfc7636 for more details.

Defined in

types.ts:435