OAuth Support¶
UCC allows you to add Auth support in the configuration page.
UCC supports two types of authentication:
- Basic Authentication
- OAuth2.0 Authentication
The OAuth2.0 authentication is supported in two ways:
- Authorization Code Flow - interactive mode, with
grant_type=authorization_code. It is used by specifyingoauthin theauth_typefield. - Client Credentials Flow - non-interactive mode, with
grant_type=client_credentials. It is used by specifyingoauth_client_credentialsin theauth_typefield.
More information about the OAuth2.0 authentication can be found in the OAuth2.0 RFC6749.
OAuth can be used inside the entity tag. Use type: "oauth" in the entity list and specify the options next to the type: "oauth".
Properties¶
typefield value must be oauth.-
options:auth_typemust be present. The following values are available: [“basic”, “oauth”, “oauth_client_credentials”]basicmust be present only if the auth_type is [“basic”].- This will have a list of fields for you to add in the basic authentication flow. In the given example, it is username, password, and security_token.
- Note: As of now, if you are selecting basic as auth_type, then the username and password fields are mandatory.
oauthwill have a list of fields for you to add in the oauth authentication flow. In the given example, it isclient_id,client_secret,redirect_url,scope, andendpoint.- These fields are mandatory:
client_idis the client id for applying auth to your app or apps.client_secretis the client secret for applying auth to your app or apps.redirect_urlwill show the redirect url, which needs to be put in the app’s redirect url.endpointwill be the endpoint for you to build oauth support. For example, for salesforce, it will either be “login.salesforce.com”, “test.salesforce.com”, or any other custom endpoint.- There is also the ability to specify separate endpoints for authorize and token. To do this, instead of the single ‘endpoint’ field, use two separate ones:
endpoint_authorizespecifies the endpoint used for authorization, for example, login.salesforce.com.endpoint_tokenspecifies the endpoint used for the token acquisition, for example, api.login.salesforce.com.
- There is also the ability to specify separate endpoints for authorize and token. To do this, instead of the single ‘endpoint’ field, use two separate ones:
oauth_client_credentialsis a non-interactive flow with Client Credentials grant.- For the
oauth_client_credentialsflow, the following fields are mandatory:client_id_oauth_credentialsis the client id for applying auth to your app or apps.client_secret_oauth_credentialsis the client secret for applying auth to your app or apps.endpoint_token_oauth_credentialsspecifies the endpoint used for the token acquisition, for example, api.login.salesforce.com.
- Optional field is
scope- the scope of the access request. auth_code_endpointmust be present and its value should be the endpoint value for getting the auth_code using the app. If the url to get the auth_code is https://login.salesforce.com/services/oauth2/authorize, then this will have the value /services/oauth2/authorize.access_token_endpointmust be present and its value should be the endpoint value for getting the ccess_token using the auth_code received. If the url to get the access token is https://login.salesforce.com/services/oauth2/token, then it will have the value /services/oauth2/token.auth_labelallows the user to have the custom label for the Auth Type dropdown.oauth_popup_widthis the width in pixels of the pop-up window that will open for oauth authentication (Optional, defaults to 600).oauth_popup_heightis the height in pixels of the pop-up window that will open for oauth authentication (Optional, defaults to 600).oauth_timeoutis the timeout in seconds for oauth authentication (Optional, defaults to 180 seconds).oauth_state_enabledis used to include the state for oauth authentication (default value is false).-
auth_endpoint_token_access_typeis an optional parameter that is mapped into the value of the token_access_type query param in the authorisation url. -
The fields allowed in the basic and oauth fields are the following:
oauth_fieldshould be kept as it is and without any change.labelcan be changed if the user wants to change the label of the field in UI.fieldmust keep it as it is for mandatory fields as mentioned before.helpcan be changed the if user wants to change the help text displayed below the field.encryptedshould be true if the user wants that particular field encrypted, otherwise, there is no need to have this parameter.requiredspecifies whether the field is required or not. The default value is true.defaultValueis the initial input value (string, number, or boolean).validatorsarray that is used to validate the values of fields using various validators. It is strongly advised to specify validators for every entity.options:placeholder: (RENOUNCED) The placeholder for the field.disableonEdit: When the form is in edit mode, the field becomes unable to be edited. The default value is false.enable: The enable property sets whether a field is enabled or not. The default value is true.
Placeholder deprecation
The Placeholder attribute is deprecated and renounced. Instead, we recommend to use the “help” attribute.
Usage¶
"configuration": {
"title": "Configurations",
"description": "Configure your servers and templates.",
"tabs": [
{
"name": "account",
"title": "Account",
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Enter a unique name for each Crowdstrike falcon host account.",
},
{
"type": "oauth",
"field": "oauth",
"label": "Not used",
"options": {
"auth_type": [
"basic",
"oauth",
"oauth_client_credentials"
],
"basic": [
{
"oauth_field": "username",
"label": "User Name",
"field": "username",
"help": "Enter Account name."
},
{
"oauth_field": "password",
"label": "Password",
"field": "password",
"encrypted": true,
"help": "Enter Password."
},
{
"oauth_field": "security_token",
"label": "Securtiy Token",
"field": "security_token",
"encrypted": true,
"help": "Enter Security Token."
}
],
"oauth": [
{
"oauth_field": "client_id",
"label": "Client Id",
"field": "client_id",
"help": "Enter Client Id."
},
{
"oauth_field": "client_secret",
"label": "Client Secret",
"field": "client_secret",
"encrypted": true,
"help": "Enter Client Secret."
},
{
"oauth_field": "redirect_url",
"label": "Redirect url",
"field": "redirect_url",
"help": "Please add this redirect URL in your app."
},
{
"oauth_field": "scope",
"label": "Scope",
"field": "scope",
"help": "Enter the scope for the authorization code with ',' separating each scope.",
"required": false
},
{
"oauth_field": "endpoint",
"label": "Endpoint",
"field": "endpoint",
"help": "Enter Endpoint"
}
],
"oauth_client_credentials": [
{
"oauth_field": "client_id_oauth_credentials",
"label": "Client Id",
"field": "client_id_oauth_credentials",
"help": "Enter Client Id."
},
{
"oauth_field": "client_secret_oauth_credentials",
"label": "Client Secret",
"field": "client_secret_oauth_credentials",
"encrypted": true,
"help": "Enter Client Secret."
},
{
"oauth_field": "scope",
"label": "Scope",
"field": "scope",
"help": "Enter the scope for the authorization code with ',' separating each scope.",
"required": false
},
{
"oauth_field": "endpoint_token_oauth_credentials",
"label": "Endpoint",
"field": "endpoint_token_oauth_credentials",
"help": "Enter Endpoint"
}
],
"auth_label": "Auth Type",
"oauth_popup_width": 600,
"oauth_popup_height": 600,
"oauth_timeout": 180,
"auth_code_endpoint": "/services/oauth2/authorize",
"access_token_endpoint": "/services/oauth2/token",
"auth_endpoint_token_access_type": "offline"
}
}
],
}
]
}
Output¶
This is how the Add Account modal looks after adding the above code to the globalConfig.json file:
This is how Add Account looks when the auth_type is basic:
This is how Add Account looks when the auth_type is oauth:
