OAuth2 Overview

The OAuth2 (OAuth 2.0) framework allows third-party applications temporary access to a web service account owned by the end-user, without the host application needing to obtain or store login information.

Generally speaking, a web service is an online application that provides a public API for accessing its functionality. Examples are web email services such as Gmail and cloud drive services such as Microsoft OneDrive.

In order for an application (such as one using ReportBuilder) to communicate successfully with a secured web service, it must complete an authorization process that adheres to the OAuth2 standard. Below is a brief description of the OAuth2 workflow. This workflow is handled internally by ReportBuilder and is described for reference only.

1. The client application must be registered with the web service. For instance, if the application needs access to Gmail, the developer/provider first needs to register the app with the Google Developer’s Console. Once registered, a Client ID, Client Secret, and Redirect URI are provided/set. These values are used by the client application to initially access the API.

2. Using the Client ID, Client Secret, and Redirect URI, the client application must request an Authorization Code from the API. This is done separately from the client application, in a web browser. Generally, the user logs into their account as they normally would, using the default web browser for their machine. If login is successful, the web service provides the Authorization Code.

3. The Authorization Code is used to obtain a temporary Access Token allowing access to the requested features of the web service. The Access Token is essentially a temporary password granting access to the web service on the user’s behalf.

4. The web service API may now be used by the client application via HTTP.

Visual

Client Application ==> User Login (Browser) ==> Auth Code Generated ==> Access Token Generated ==> API Access

Using the above process, the client application does not need to use or store the login credentials of the end-user, thus providing an extra layer of security when accessing sensitive information.
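Steps 2 and 3 above, sketched as an added Python example using the RFC 6749 parameter names; this is not ReportBuilder's internal code. The endpoints, client values, and function names are constructed placeholders, and the `state` check is the standard way to confirm that the browser redirect belongs to the request this client started.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Step 1: values issued at registration (constructed placeholders, not real).
AUTH_ENDPOINT = "https://auth.example.com/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "http://127.0.0.1:8400/callback"

def build_authorization_url(scope):
    """Step 2: URL opened in the user's browser. Returns (url, state)."""
    state = secrets.token_urlsafe(32)  # unguessable; binds the callback to this request
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
    })
    return f"{AUTH_ENDPOINT}?{query}", state

def extract_code(callback_url, expected_state):
    """Validate the browser redirect and return the Authorization Code."""
    got = urlsplit(callback_url)
    want = urlsplit(REDIRECT_URI)
    if got[:3] != want[:3]:  # scheme, host:port and path must match exactly
        raise ValueError("callback does not match the registered Redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect was not started by this client")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def build_token_request(code):
    """Step 3: form body POSTed to the token endpoint over HTTPS."""
    # In RFC 6749 the Client Secret travels only in this back-channel request.
    return TOKEN_ENDPOINT, {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
    }
```

The token endpoint's JSON response carries the Access Token, which the client then sends in the `Authorization: Bearer` header of its API requests in step 4.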

For more detailed information about the OAuth2 framework, please see the following web site: https://oauth.net/2/