Configuring OAuth2 Providers

You can use Business Manager to configure OAuth2 providers, but you must first register your site with the providers you select.
  1. Select Administration > Global Preferences > OAuth2 Providers.
  2. On the OAuth2 Providers page, click New to create a new provider or click an ID to edit an existing provider record.
  3. On the Global Preferences OAuth2 Providers Edit page, edit or create the following details:
    Option Description
    Client ID Obtain from the provider
    Client Secret When a client registers with an OAuth2 provider, the provider issues the client a client secret, which is considered private and must be kept confidential. The value of this field is kept encrypted in the database (but is in plain text when exported from the database, or imported into the database).
    Scopes Corresponds to the scopes available for the OAuth2 provider and configured for the web site when registering the web site on the provider's web site. The scopes are provider-specific and are not standardized. For more information, see section 3.3 Access Token Scope in the OAuth2 specification.
    Authorization URL URL of the provider where the initial OAuth2 handshake occurs. For more information, see section 3.1 Authorization Endpoint in the OAuth2 specification.
    Token URL URL of the provider where the token is requested from. For more information, see section 3.2 Token Endpoint in the OAuth2 specification.
    User Info URL URL of the provider where the actual user information (first name, last name, email, and so on) is requested from. For more information, see section 7 Accessing Protected Resources in the OAuth2 specification.
    User Info URL Access Token Name

    Specifies the name of the query parameter

    When a request to the User Info URL is made, the access token value is attached to the request as a URL query parameter value. This parameter value specifies the name of the query parameter. For most providers it is access_token, but it's different for some (for example, for LinkedIn, it is oauth2_access_token).

    Redirect Pipeline Node After the OAuth2 provider grants access to the client application, the provider returns control to the specified pipeline node.

    Google retired Google OAuth2 as of September 2014. Google is no longer available as an OAuth2 provider in the Business Manager Administration module. You must use Google Plus instead.

    If you use Google as your OAuth2 provider, you must update your settings to GooglePlus.

  4. Click Apply to save your changes.