OAuth2
Use OAuth2 middleware to secure HTTP endpoints
The OAuth2 HTTP middleware enables the OAuth2 Authorization Code flow on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
Component format
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: oauth2
spec:
type: middleware.http.oauth2
version: v1
metadata:
- name: clientId
value: "<your client ID>"
- name: clientSecret
value: "<your client secret>"
- name: scopes
value: "https://www.googleapis.com/auth/userinfo.email"
- name: authURL
value: "https://accounts.google.com/o/oauth2/v2/auth"
- name: tokenURL
value: "https://accounts.google.com/o/oauth2/token"
- name: redirectURL
value: "http://dummy.com"
- name: authHeaderName
value: "authorization"
- name: forceHTTPS
value: "false"
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.Spec metadata fields
Field | Details | Example |
---|---|---|
clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
scopes | A list of space-delimited, case-sensitive strings of scopes which are typically used for authorization in the application | "https://www.googleapis.com/auth/userinfo.email" |
authURL | The endpoint of the OAuth2 authorization server | "https://accounts.google.com/o/oauth2/v2/auth" |
tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | "https://accounts.google.com/o/oauth2/token" |
redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | "https://myapp.com" |
authHeaderName | The authorization header name to forward to your application | "authorization" |
forceHTTPS | If true, enforces the use of TLS/SSL | "true" ,"false" |
Dapr configuration
To be applied, the middleware must be referenced in configuration. See middleware pipelines.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: appconfig
spec:
httpPipeline:
handlers:
- name: oauth2
type: middleware.http.oauth2
Related links
- Configure API authorization with OAuth
- Middleware OAuth sample (interactive)
- Middleware
- Configuration concept
- Configuration overview
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified October 3, 2024: Workflow limitations change (#4367) (ed7aee8)