Configuring OAuth Authentication for all Identity Providers

You can configure OAuth Authentication for all supported identity providers.

  1. Click Integration, then the OAuth Proxy tab.

    This tab contains a list of all supported social identity providers. By default, all social identity providers are disabled when Social Login is deactivated. You can enable or disable each social identity provider independently.

  2. Click to configure the OAuth identity settings for the desired provider (for example, for Google).

    The settings are:

    Base URL
    URL for obtaining user’s information on the identity provider.
    Authentication URL
    Authentication endpoint. This URL must be set to the one of the OAuth popup.
    Exchange Code URL
    Token endpoint. This endpoint is used to exchange the authorization code for tokens (access token or refresh token).
    Refresh Token URL
    Refresh token endpoint. This endpoint is used to refresh the access token using the refresh token.
    Scope
    Scopes separated by space or comma, depending on the identity provider API. (eg. Comma-separated for Facebook, space-separated for Google). Can be empty if the provider does not implement OAuth scope (eg. Dropbox).
    Client ID
    Client identifier set in the identity provider
    Client Secret
    Client secret (private key) set in the identity provider.
    Allow list
    Domain allowlist.

    Here are examples for certain providers:

    Google
    Base URL https://www.googleapis.com/plus/v1/people/me
    Authentication URL https://accounts.google.com/o/oauth2/auth
    Exchange Code URL https://accounts.google.com/o/oauth2/auth
    Refresh Token URL https://www.googleapis.com/oauth2/v3/token
    Scope

    https://www.googleapis.com/auth/plus.login

    https://www.googleapis.com/auth/plus.me

    https://www.googleapis.com/auth/userinfo.email

    https://www.googleapis.com/auth/userinfo.profile

    Dropbox
    Base URL empty
    Authentication URL https://www.dropbox.com/1/oauth2/authorize
    Exchange Code URL https://api.dropboxapi.com/1/oauth2/token
    Refresh Token URL empty
    Scope empty
    Box
    Base URL empty
    Authentication URL https://app.box.com/api/oauth2/authorize
    Exchange Code URL https://app.box.com/api/oauth2/token
    Refresh Token URL https://app.box.com/api/oauth2/token
    Scope empty
    Facebook
    Base URL https://graph.facebook.com/me
    Authentication URL https://www.facebook.com/dialog/oauth
    Exchange Code URL https://graph.facebook.com/v2.3/oauth/access_token
    Refresh Token URL empty
    Scope public_profile, email
    Microsoft
    Base URL empty
    Authentication URL https://login.live.com/oauth20_authorize.srf
    Exchange Code URL https://login.live.com/oauth20_token.srf
    Refresh Token URL https://login.live.com/oauth20_token.srf
    Scope wl.signin wl.offline_access onedrive.readwritewl.emails
    Zoom
    Base URL empty
    Authentication URL https://zoom.us/oauth/authorize
    Exchange Code URL https://zoom.us/oauth/token
    Refresh Token URL https://zoom.us/oauth/token
    Scope user:read

  3. After configuring the OAuth proxy for each provider, switch OAuth Proxy on.
  4. Register 3DPassport on the site of the OAuth provider.