Login
Contents x
OAuth 2.0
  • 04 Jan 2024
  • 7 Minutes to read
  • Dark
    Light
Contents

OAuth 2.0

  • Updated on 04 Jan 2024
  • 7 Minutes to read
  • Dark
    Light
Article Summary

Use this integration to connect with any third-party vendor that uses OAuth 2.0.

Provide the access token maintained by the OAuth 2.0 integration as input for the steps of the third-party service that you want to include in your workflows.

Before you begin, you need to know which flow is supported by the third-party service you want to connect to:

Client Credentials

The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.

Create an OAuth 2.0 integration in Torq - client credentials grant type

  1. Go to Integrations > Steps.
  2. Locate the OAuth 2.0 card and click it. Click Add.
  3. Type a meaningful name for the integration instance.
  4. Select the Client Credentials option in the Grant Type field.
    Create an OAuth 2.0 integration with the Client Credentials grant type
  5. Get the rest of the information from the third-party service.
    • Client ID and Client Secret are the OAuth 2.0 standard authentication details.
    • Token URL is the endpoint used for generating OAuth 2.0 access tokens.
    • (Optional) Scopes are the permissions set on the token.
  6. To use the access token maintained by the integration use {{ $.integrations.<your OAuth 2.0 integration name>.access_token }} in the token input field of the steps in your workflow. For example (replace oauth_client_credentials_integration_name with the name of the integration you created):
    Use the integration token in a Torq step

Example: Create an OAuth 2.0 integration with the client credentials grant type for Torq

This example shows how to create an OAuth 2.0 integration to make sure you always have a viable Torq access token you can use in Torq steps. The process of getting the required information from a different third-party service provider may vary. This example is meant to give you a sense of the actions you need to take.

  1. In Torq, click your workspace icon/avatar.
  2. Click API Keys > Create API Key.
    Create A Torq API key
  3. Give the API key a meaningful name and click Create.
  4. Copy the Client ID and Client Secret to use when you create the OAuth 2.0 integration in Torq.
  5. Get the Token URL from the Torq documentation: https://auth.torq.io/v1/auth/token
  6. Create an OAuth 2.0 integration in Torq.
  7. To use the always valid access token maintained by the OAuth 2.0 integration you created in Torq steps, add a Torq step to the designer and enter {{$.integrations.<OAuth 2.0 integration name>.access_token}} in the TORQ_ACCESS_TOKEN field. Replace <OAuth 2.0 integration name> with the name of the OAuth 2.0 integration you created.
    Use the integration token in a Torq step

Authorization Code

The Authorization Code grant type is used by clients to obtain an access token from a service provider with the permission of the resource owner (the user).

Create an OAuth 2.0 integration in Torq - authorization code grant type

  1. Go to Integrations > Steps.
  2. Locate the OAuth 2.0 card and click it. Click Add.
  3. Type a meaningful name for the integration instance.
  4. Select the Authorization Code option in the Grant Type field.
    Create an OAuth 2.0 integration with the authorization code grant type
  5. Get the rest of the information from the third-party service.
    • Client ID and Client Secret are the OAuth 2.0 standard authentication details.
    • Token URL is the endpoint used for generating OAuth 2.0 access tokens.
    • Auth URL is the endpoint where the user is redirected to grant permission for the application to access their resources.
    • (Optional) Scopes are the permissions set on the token.
  6. The Authorized Redirect URI for the third party should be copied from the Callback URL displayed in the integration popup.

  7. To use the access token maintained by the integration use {{ $.integrations.<your OAuth 2.0 integration name>.access_token }} in the token input field of the steps in your workflow. For example (replace oauth_2_0_integration_name with the name of the integration you created):
    Use the integration token in workflow steps

Example: Create an OAuth 2.0 integration with the authorization code grant type for Google Workspace

This example shows how to create an OAuth 2.0 integration to make sure you always have a viable Google Workspace access token you can use in Google Workspace steps. The process of getting the required information from a different third-party service provider may vary. This example is meant to give you a sense of the actions you need to take.

  1. Log in to your Google Workspace project: console.cloud.google.com.
  2. Go to APIs & Services > +ENABLE APIS AND SERVICES. Select the cards of the APIs you want to use in Torq and make sure they are enabled.
    Enable APIs and services in Google Workspace
  3. Go to Credentials > +CREATE CREDENTIALS and select OAuth client ID.
    Create credentials in Google Workspace
  4. Provide the following information and click CREATE.
    • Application type: Web application.
    • Name: provide a meaningful name.
    • Authorized Javascript origins: https://app.torq.io or EU: https://app.eu.torq.io
    • Authorized redirect URIs: Copy the value of the Callback URL field in the integration creation form in Torq (https://redir.torq.io/integrations/oauth_2 or EU: https://redir.eu.torq.io/integrations/oauth_2).
      Copy the Callback URL from the integration creation formgoogle_ws_create_oauth_client_id
  5. Copy the Client ID and Client Secret and save them to use in the next step.
  6. Create an OAuth 2.0 integration in Torq with the following additional information:
    • Auth URL: https://accounts.google.com/o/oauth2/v2/auth?access_type=offline. The Auth URL is available in the Google Workspace documentation. Request offline access to the scopes associated with the token (access_type=offline) to enable the refresh of the access token without prompting the user for permission (including when the user is not present).
    • Token URL: https://oauth2.googleapis.com/token. The Token URL is available in the Google Workspace documentation.
    • Scopes: https://www.googleapis.com/auth/drive.metadata.readonly. This is just an example, provide the scopes according to your needs.
      Note
      When updating an integration, attempting to create an integration after a failure, or creating a new integration with the same credentials you may need to go to https://myaccount.google.com/u/0/permissions, select your app, and click REMOVE ACCESS.
  7. To use the always valid access token maintained by the OAuth 2.0 integration you created in Google Workspace steps (according to the requested scopes), provide {{$.integrations.<oauth_2_0_integration_name>.access_token}} as the access token. Replace <oauth_2_0_integration_name> with the name of the OAuth 2.0 integration you created.
    Use the integration token in workflow steps

Refresh Token

When you receive an access token for OAuth authentication it may have information about an expiration period and a refresh token attached to it.

{
    "access_token": "<ACCESS TOKEN>",
    "refresh_token": "<REFRESH TOKEN>",
    "token_type": "bearer",
    "expires_in": 3600
}

A refresh token can be used to get a new access token before the expiration, without user interaction. The OAuth 2.0 integration sends periodic requests to refresh the access token before it expires.

Create an OAuth 2.0 integration in Torq - refresh token grant type

  1. Go to Integrations > Steps.
  2. Locate the OAuth 2.0 card and click it. Click Add.
  3. Type a meaningful name for the integration instance.
  4. Select the Refresh Token option in the Grant Type field.
    Create a OAuth 2.0 integration with the refresh token grant type
  5. Get the rest of the information from the third-party service.
    • Client ID and Client Secret are the OAuth 2.0 standard authentication details.
    • Refresh URL is the endpoint used for generating and refreshing OAuth 2.0 access tokens.
    • Refresh Token is the refresh token provided when you first get your OAuth 2.0 access token.
      Warning

      This is the structure of the requests to refresh a token that are sent by the OAuth 2.0 integration:

      { "refresh_token": "<REFRESH TOKEN>",

      "grant_type": "refresh_token" }

      The client ID and client secret are passed in the headers via basic access authentication.

      The integration can't be created for service providers that require a different format or additional data for the token refresh.

  6. To use the access token maintained by the integration use {{ $.integrations.<your OAuth 2.0 integration name>.access_token }} in the token input field of the steps in your workflow. For example (replace oauth_refresh_token_integration_name with the name of the integration you created):
    Use the integration token in workflow steps

Example: Create an OAuth 2.0 integration with the refresh token grant type for Dropbox

This example shows how to create an OAuth 2.0 integration to make sure you always have a viable Dropbox access token you can use in Dropbox steps. The process of getting the required information from a different third-party service provider may vary. This example is meant to give you a sense of the actions you need to take.

  1. Log in to your Dropbox developer account.
  2. Click Create apps.
  3. Choose a type of access and give your app a meaningful name.
    Create a new app in Dropbox
  4. Copy the app key and secret to use as the Client ID and Client Secret when you create the OAuth 2.0 integration in Torq.
    Copy Dropbox app key and secret
  5. Go to the OAuth 2 section and add https://127.0.0.1 as a Redirect URI.
    Dropbox Redirect URIs
  6. Set the Dropbox App permissions by clicking on the Permissions tab.
    Dropbox Permissions tab
  7. Enter the following URL (replace <CLIENT_ID> with the App key) in your browser: https://www.dropbox.com/oauth2/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https://127.0.0.1&token_access_type=offlineDropbox prompt to approve the torq app
  8. Copy the code you got in the browser.
    code in browser
  9. Run the following cURL command in a terminal. Replace <CODE FROM PREVIOUS STEP> with the code you just copied.
    Note
    You can use any API platform to run this command. Use Torq to run the command by creating a step from the cURL command and executing it. If you’re not using cURL, use application/x-www-form-urlencoded as the request content type (automatically done for you when using Torq).
    curl https://api.dropbox.com/oauth2/token \
-d code=<CODE FROM PREVIOUS STEP> \
-d grant_type=authorization_code \
-d redirect_uri=https://127.0.0.1 \
-u <CLIENT ID>:<CLIENT SECRET>

    10. The output is a JSON object. Copy the refresh token to use when you create the integration in Torq.

    {
    "access_token": "<ACCESS TOKEN>",
    "token_type": "bearer",
    "expires_in": 14399,
    "refresh_token": "<REFRESH TOKEN>",
    "scope": "account_info.read",
    "uid": "*",
    "account_id": "<ACCOUNT ID>"
}

    11. Get the refresh URL from the Dropbox OAuth documentation: https://api.dropbox.com/oauth2/token.
    12. Create an OAuth 2.0 integration in Torq. If your integration is created successfully it means the first token refresh was successful and the token will be refreshed periodically behind the scenes.
    13. To use the repeatedly refreshed token provided by the OAuth 2.0 integration you created in Dropbox steps, add a Dropbox step to the designer and Switch to HTTP mode.
    Dropbox step example switch to HTTP mode14. Enter {{ $.integrations.<OAuth 2.0 integration name>.access_token }} in the TOKEN field. Replace <OAuth 2.0 integration name> with the name of the OAuth 2.0 integration you created in Torq.
    Use the integration token in workflow steps

Was this article helpful?
What's Next
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout