Configure OAuth2 Providers

You can use Business Manager to configure OAuth2 providers, but you must first register your site with the providers you select.
  1. Select Administration > Global Preferences > OAuth2 Providers.
  2. To create a provider, click New or New from Template. To edit an existing provider record, click its ID.
    Google Plus has been deprecated, so don’t use the Google Plus template. For instructions on using Google, including migrating from Google Plus, see the Google developer documentation.
  3. On the Global Preferences OAuth2 Providers Edit page, edit or create the following details:
    Option Description
    Client ID Obtain from the provider.
    Client Secret When a client registers with an OAuth2 provider, the provider issues the client a client secret, which is considered private and must be kept confidential. The value of this field is kept encrypted in the database (but is in plain text when exported from the database, or imported into the database).
    Scopes Corresponds to the scopes available for the OAuth2 provider and configured for the web site when registering the web site on the provider's web site. The scopes are provider-specific and are not standardized. For more information, see section 3.3 Access Token Scope in the OAuth2 specification.
    Authorization URL URL of the provider where the initial OAuth2 handshake occurs. For more information, see section 3.1 Authorization Endpoint in the OAuth2 specification.
    Token URL URL of the provider where the token is requested from. For more information, see section 3.2 Token Endpoint in the OAuth2 specification.
    User Info URL URL of the provider of the user information (first name, last name, email, and so on). For more information, see section 7 Accessing Protected Resources in the OAuth2 specification.
    User Info URL Access Token Name

    Specifies the name of the query parameter.

    When a request to the User Info URL is made, the access token value is attached to the request as a URL query parameter value. This parameter value specifies the name of the query parameter. For most providers, it is access_token, but it's different for some (for example, for LinkedIn, it is oauth2_access_token).

    Redirect Pipeline Node After the OAuth2 provider grants access to the client application, the provider returns control to the specified pipeline node.
  4. To save your changes, click Apply.