Create an OAuth2.0 Connector
The OAuth2.0 connector allows you to easily connect SigningHub with any third-party authentication service that supports the OAuth2.0 protocol, like Google, LinkedIn, Salesforce, and Facebook. The "Auth URL" provided in the connector will be used for identifying the third-party service configured in the connector and then authenticating the end users at the time of both logging into SigningHub and performing signatures.
Create an OAuth2.0 connector
Click the 'Configurations' option from the navigation panel.
Click the 'Connectors' option.
Click the icon from the grid header.
The 'Add' connector screen will appear, where you add the connector details. It comprises two sections, i.e. Basic Information and Details. Specify the basic information and click the button to provide the respective connector details.
Click the 'Create' button. A new connector will be saved and displayed in the list. See the table below for field descriptions.
Basic Information Section
| Fields | Description |
|---|---|
| Name | Specify a unique name for this connector, e.g. My Google. This connector will be used in the configuration of Authentication Profiles. |
| Provider | Select the provider for this connector, i.e. "OAuth2.0". |
| Purpose | This field will display the purpose of the provider selected above, i.e. the purpose of "OAuth2.0" is "Authentication". |
| Active | Select to make this connector active. Keep the check box empty to make the connector inactive. An inactive connector cannot be configured in the Authentication Profiles. |
The following table describes the fields in the "Details" section of this screen.
Details Section
| Fields | Description |
|---|---|
| Logo | Select an appropriate image in the jpeg, jpg, gif or png format for the connector's logo that will be displayed on the login screen. |
| Auth URL | Enter the endpoint as provided by the third-party authentication server. For example, "https://accounts.google.com/o/oauth2/v2/auth" is for Google. |
| Client ID | Enter the registered client ID as provided by the third-party authentication server. By default, the text is masked with asterisks; you can click to view the entered text. |
| Client Secret | Enter the client secret as provided by the third-party authentication server. By default, the text is masked with asterisks; you can click to view the entered text. |
| Scope | Enter the scope if required by the third-party authentication server. If not required, leave empty. |
| Resource | Enter the resource value if required by the third-party authentication server. If not required, leave empty. |
| Client Authentication | Specify how the client credentials are sent to the authentication server during the token request process. This determines the method used to authenticate the client application. From the drop-down, select one of the following options. Form-Encoded Body Parameters: sends the client ID and secret within the request body as URL-encoded parameters; this is the default method. Basic Authentication: sends the client ID and secret in the HTTP Authorization header using Basic authentication; this method is more secure. |
| Access Token URL | Enter the endpoint as provided by the third-party authentication server for exchanging the authorisation code for an access token. For example, "https://www.googleapis.com/oauth2/v4/token" is provided by Google. |
| Token Info Service | Select the mechanism for obtaining user information from the OAuth server after authentication. This determines how SigningHub retrieves and validates user details. From the drop-down, select one of the following options. User Info: sends a GET request to the user info endpoint to fetch user details; this is the default method. Introspection: sends a POST request to the introspection endpoint to retrieve user information. |
| Token Info URL | Enter the endpoint URL provided by the third-party authentication server to fetch user details. This URL is used in conjunction with the selected Token Info Service to verify and match the logged-in user's information in SigningHub. For example, if 'User Info' is selected as the 'Token Info Service', Google’s endpoint is "https://www.googleapis.com/oauth2/v2/userinfo". This endpoint is essential for retrieving user details such as email to confirm the user’s presence in the SigningHub database. |
| Email [Attribute] | Enter the value as provided by the third-party authentication server for getting the value of Email Address from the User Info endpoint response. This field is mandatory for all third-party services and accepts only text (non-numeric) values. The value required in this field may vary for different third-party services. For example, "email" is requested by Google, and "mail" by "Azure Active Directory". |
| Name [Attribute] | Enter the value as provided by the third-party authentication server for getting the value of Name from the User Info endpoint response. This field is optional for all third-party services. The value required in this field may vary for different third-party services. For example, "name" is requested by Google, and "displayName" by "Azure Active Directory". |
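The two Client Authentication options and the Email [Attribute] mapping described in the table above, written out as generic OAuth 2.0 requests per RFC 6749. This is an added example, not SigningHub's own code; the client ID, secret, redirect URI, authorisation code and function names are constructed for illustration.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Constructed sample values for illustration; not real credentials.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "s3cr3t/with+chars"
REDIRECT_URI = "https://signinghub.example/callback"


def token_request(auth_code, client_auth):
    """Build (headers, body) for the code-for-token POST to the Access Token URL."""
    params = {
        "grant_type": "authorization_code",
        "code": auth_code,
        "redirect_uri": REDIRECT_URI,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_auth == "form":
        # Form-Encoded Body Parameters: the secret travels in the POST body.
        params["client_id"] = CLIENT_ID
        params["client_secret"] = CLIENT_SECRET
    elif client_auth == "basic":
        # Basic Authentication: ID and secret are form-encoded, joined with ":"
        # and base64-encoded into the Authorization header (RFC 6749, 2.3.1).
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        token = base64.b64encode(pair.encode("ascii")).decode("ascii")
        headers["Authorization"] = f"Basic {token}"
    else:
        raise ValueError(f"unknown client authentication method: {client_auth}")
    return headers, urlencode(params)


def extract_email(response_json, email_attribute):
    """Read the configured Email [Attribute] from a user info response."""
    value = json.loads(response_json).get(email_attribute)
    if not isinstance(value, str) or "@" not in value:
        # A wrong attribute name means no user can be matched; fail closed.
        raise LookupError(f"attribute {email_attribute!r} missing or not an email")
    return value


if __name__ == "__main__":
    for mode in ("form", "basic"):
        print(mode, token_request("constructed-auth-code", mode))
    azure_style = '{"mail": "bob@example.com", "displayName": "Bob"}'
    print(extract_email(azure_style, "mail"))
```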