help.sitevision.se always refers to the latest version of Sitevision
Add OAuth2 configuration
General
Name
Enter a name for your login.
Identifier
Here you enter a UNIQUE identifier with only characters a-z, 0-9, _ and -
Description
Here you fill in a description about each Oauth2 configuration, e.g. what it will be used for, who/what uses it, etc.
Client ID
Here you enter the client ID and client secret that you have from, for example, Azure, Google or Instagram.
Client ID
Here you enter the client ID from the underlying system.
Client secret
Here you enter the client secret from the underlying system.
Authentication provider
Here you select the login service you want to connect to. There are a number of predefined login services set up. If you are using a different one, you can use the 'Generic' option.
- Microsoft Azure - This will prompt you to enter the Tenant ID. This can also be called Directory ID, Directory ID or Client Organization
- Generic
- Publisher: Specifies an address for the login service.
- Authorization endpoint URL: You find this url from your login service
- Token endpoint URL: This url you find out from your login service
- Client authorization method: Specifies how SiteVision will identify itself when contacting the login service. Default is 'client_secret_basic'. Some login services only support 'client_secret_post'. For non-confidential OAuth2 apps without client secrecy, specify 'none'.
Scopes
Scopes are the permissions that will be requested by the user at login. The permissions are different for different resource servers.
Example of scopes for the Microsoft Graph API. When the scopes below are requested for a user, the user will have to authorize the OAuth2-App to read the user's files and to read and write in the user's calendars.
- Files.Read
- Calendars.ReadWrite
Default scopes
Default scopes are specified for cases where an Extension requests permissions for a user. These scopes will always be requested at login. The individual extension also has the option to request additional scopes.
Here it is a good idea to add the scopes to be requested by all users
Avoid scopes that require admin permissions on the resource server. If such scopes are sent, only administrators can log in
Click on the Add scope link to add a scope.
Application scopes
Specifies all scopes to be requested when an extension makes a call as an OAuth2 App. The extension has no option to add more scopes.
Click the Add scope link to add a scope.
The page published: