Custom
Obtain required information
The OAuth application must have the following redirect URL. Replace connect.example.org
with the address of the Connect server.
https://connect.example.org/__oauth__/integrations/callback
For OAuth application administrators who prefer to use the same OAuth application for both Posit Connect and Posit Workbench, simply register the Workbench redirect URL (https://workbench.example.org/oauth_redirect_callback
) in addition to the Connect redirect URL.
Obtain the following information from the OAuth application administrator:
client_id
client_secret
(optional) - required forconfidential
clients
Obtain the following information from the OAuth application administrator, or from the Authorization Server Metadata Endpoint.
authorization_endpoint
token_endpoint
Create OAuth integration in Posit Connect
The Posit Connect administrator creates an OAuth integration through the dashboard’s Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Confidential
Custom OAuth integration using curl
and the Connect Server API.
Replace connect.example.org
with the address of the Connect server.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "custom",
"name": "Custom OAuth integration",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"authorization_uri": "<authorization-endpoint>",
"token_uri": "<token-endpoint>",
"scopes": "offline_access openid profile email"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }
OAuth integrations in Connect use the PKCE (Proof Key for Code Exchange) extension for the authorization code flow by default. PKCE is required in the upcoming OAuth 2.1 specification, and is recommended in all cases to protect against authorization code injection attacks. If necessary, PKCE can be disabled by creating a Custom integration with "use_pkce": false
in the config
map, but this is not recommended.