Connector 3-legged OAuth 2.0 in Jitterbit Integration Studio
Overview
Authenticating a connection with 3-legged OAuth 2.0 (3LO) is available for certain Integration Studio connectors when using agent version 10.83 / 11.21 or later. 3LO enables supported connectors to access resources on behalf of a user (without accessing the user's credentials directly) through the use of either a cloud application or a private application.
Cloud applications are Jitterbit-provided 3-legged OAuth applications.
Private applications are 3-legged OAuth applications that you configure and own within the endpoint and then register in the Management Console App Registrations page with these values from the 3-legged OAuth application:
- Client ID and client secret
- Scopes
- Authorization URL
- Access token URL
- Refresh token URL
Once the 3-legged OAuth application is registered on the App Registrations page, it is available to be selected in the OAuth Application menu under Private Applications in the connection configuration. For information on configuring a 3LO connection, see the individual connector documentation.
3LO-supported connectors
Currently, the Jira and BMC Helix ITSM connectors support authentication with 3-legged OAuth 2.0.
System architecture
These steps detail how a 3LO connection is processed within the system architecture when a supported connector has OAuth selected as the Authentication Mechanism and has either a cloud application or private application selected as the OAuth Application in its connection:
- While connecting to the endpoint, the user is directed to the authorization URL for the OAuth provider.
- At the authorization URL, the user is asked to verify credentials and consent to Harmony's authorization request.
- Once the request is successfully authorized, the OAuth provider issues an authorization code to Harmony.
- Harmony exchanges the authorization code for an access token from the OAuth provider.
- Harmony uses the access token to retrieve the required resource from the connector's API.
Note
Authenticating with 3-legged OAuth is not supported for global connections.
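The steps above follow the standard OAuth 2.0 authorization code grant (RFC 6749). The following is an added example, not Jitterbit's code: it shows how a private application's registered values feed the authorization request, the callback check, and the token exchange. All hosts, credentials, scope names, and the redirect URI are constructed placeholders, and the function names are hypothetical.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values standing in for a private application's registration.
APP = {
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "scopes": ["read:example", "offline_access"],
    "authorization_url": "https://idp.example.com/authorize",
    "access_token_url": "https://idp.example.com/oauth/token",
    "redirect_uri": "https://integration.example.com/oauth/callback",  # assumed
}

def build_authorization_request(app):
    """URL the user is directed to for login and consent, plus the state to remember."""
    state = secrets.token_urlsafe(32)  # unguessable value tying the callback to this request
    query = urlencode({
        "response_type": "code",
        "client_id": app["client_id"],
        "redirect_uri": app["redirect_uri"],
        "scope": " ".join(app["scopes"]),
        "state": state,
    })
    return f"{app['authorization_url']}?{query}", state

def parse_callback(callback_url, expected_state):
    """Accept the authorization code only when the provider echoes our state back."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def build_token_request(app, code):
    """Endpoint and form body for the code-to-token exchange (built, not sent)."""
    return app["access_token_url"], {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": app["redirect_uri"],
        "client_id": app["client_id"],
        "client_secret": app["client_secret"],
    }
```

The client secret appears only in the server-side token request, never in the URL the user's browser visits.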
Manage endpoints
Once the connection has been configured, you can use the Management Console Projects page to view deployed endpoints for which 3-legged OAuth has been configured for a project (see Endpoints tab).