Custom

Enhanced Advanced

Obtain required information

Note

The OAuth application must have the following redirect URL. Replace connect.example.org with the address of the Connect server.

https://connect.example.org/__oauth__/integrations/callback

Note

For OAuth application administrators who prefer to use the same OAuth application for both Posit Connect and Posit Workbench, simply register the Workbench redirect URL (https://workbench.example.org/oauth_redirect_callback) in addition to the Connect redirect URL.

Obtain the following information from the OAuth application administrator:

  • client_id
  • client_secret (optional) - required for confidential clients

Obtain the following information from the OAuth application administrator, or from the Authorization Server Metadata Endpoint.

  • authorization_endpoint
  • token_endpoint

Create OAuth integration in Posit Connect

The Posit Connect administrator creates an OAuth integration through the dashboard’s Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.

Create custom oauth integration.

Alternatively, the example below shows how to create a Confidential Custom OAuth integration using curl and the Connect Server API.

Note

Replace connect.example.org with the address of the Connect server.

Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
  -XPOST https://connect.example.org/__api__/v1/oauth/integrations \
  --data '{
    "template": "custom",
    "name": "Custom OAuth integration",
    "description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
    "config": {
      "client_id": "<client-id>",
      "client_secret": "<client-secret>",
      "authorization_uri": "<authorization-endpoint>",
      "token_uri": "<token-endpoint>",
      "scopes": "offline_access openid profile email"
    }
  }'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }
Note

OAuth integrations in Connect use the PKCE (Proof Key for Code Exchange) extension for the authorization code flow by default. PKCE is required in the upcoming OAuth 2.1 specification, and is recommended in all cases to protect against authorization code injection attacks. If necessary, PKCE can be disabled by creating a Custom integration with "use_pkce": false in the config map, but this is not recommended.