Creating OAuth Sources

There are two supported ways to create OAuth Sources via the API.

  1. Use Airbyte credentials through browser authentication/authorization
    • Authenticate/authorize a source using your browser and receive a secret with which you can create the source in Airbyte.
  2. Bring your own credentials through a Workspace OAuth credential override
    • Obtain your own credentials and tokens and set up a workspace-level credential override so you can create the source in Airbyte with your own tokens.

❗️ These two approaches are mutually exclusive

For now, if a Workspace OAuth credential override is created in a given workspace, creating OAuth sources through Flow 1 above or the UI will not work as expected within that workspace. If you bring your own credentials, all new sources of that type in that workspace will have to be created with a full set of OAuth credentials and tokens.

1) Use Airbyte credentials through browser authentication/authorization

Initiate Source OAuth

Using the initiateOAuth endpoint, a link to the authorization server of any source can be generated. That link can be used to authenticate the source. The returned credentials/tokens will be stored in Airbyte's internal GCP Secret store, and an identifier for that secret will be returned to you.

In order to achieve this, a valid redirect URL must be included with the request to the initiateOAuth endpoint. This allows us to redirect the user to that URL at the end of the flow with a secret_id query string parameter containing the secret's identifier.

Source creation

Once the secret identifier for a given source has been obtained, the next step is to perform a standard POST to the sources endpoint and, in the body of the request, pass the secret identifier in the secretId field.

Note: Using this workflow, some of the source OAuth configuration that would normally be required is not required and gets filled out by the Airbyte API based on the secret identifier you provide. To determine what would no longer be required, see the source's connector specification and look for the section delineating the OAuth information.

When the request returns successfully, a fully functional OAuth source will have been created in the requested workspace.
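The redirect at the end of Flow 1 arrives from the user's browser, so the handler behind the redirect URL should check that the request belongs to a flow this session started before it uses the secret_id. The sketch below is an added example, not Airbyte code. It assumes a nonce placed in the redirect URL's query string (the hypothetical `flow` parameter) comes back unchanged, which this page does not state. The callback URL and the name, workspaceId and configuration body fields are also assumptions; only secret_id and secretId are named on this page.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed value for the example; it does not come from the Airbyte docs.
CALLBACK = "https://app.example.com/airbyte/callback"


def start_flow(session: dict) -> str:
    """Return the redirect URL to send to initiateOAuth, tagged with a one-time nonce."""
    nonce = secrets.token_urlsafe(32)
    # Store only a hash, so a leaked session store does not reveal live nonces.
    session["oauth_nonce_sha256"] = hashlib.sha256(nonce.encode()).hexdigest()
    return f"{CALLBACK}?{urlencode({'flow': nonce})}"  # 'flow' is a hypothetical name


def finish_flow(session: dict, callback_url: str) -> str:
    """Validate the browser's return request and hand back the secret identifier."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != CALLBACK:
        raise ValueError("callback arrived on an unexpected URL")
    query = parse_qs(parts.query, keep_blank_values=True)
    expected = session.pop("oauth_nonce_sha256", None)  # single use, even on failure
    flows, secret_ids = query.get("flow", []), query.get("secret_id", [])
    if expected is None or len(flows) != 1:
        raise ValueError("no pending OAuth flow for this session")
    got = hashlib.sha256(flows[0].encode()).hexdigest()
    if not hmac.compare_digest(got, expected):
        raise ValueError("flow nonce mismatch")
    # Exactly one non-empty secret_id: duplicates may be parsed differently downstream.
    if len(secret_ids) != 1 or not secret_ids[0]:
        raise ValueError("expected exactly one secret_id parameter")
    return secret_ids[0]


def source_body(name: str, workspace_id: str, configuration: dict, secret_id: str) -> dict:
    """Body for the POST to the sources endpoint; only secretId is named on the page."""
    return {"name": name, "workspaceId": workspace_id,
            "configuration": configuration, "secretId": secret_id}
```

The secret identifier stands in for stored tokens, so keep it out of application logs and analytics once finish_flow returns it.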

2) Bring your own credentials through a Workspace OAuth credential override

Workspace OAuth credential override

Airbyte has its own set of OAuth credentials that it uses for all syncs in Airbyte Cloud. If a source is created in a workspace following the connector specification and a client ID/client secret/access token/refresh token are passed in, the source will be created. But when a sync tries to run, the source will use Airbyte's client ID and client secret instead of the ones provided and the sync will fail.

By POSTing to the Workspace OAuth credential override endpoint, you can create workspace-level OAuth credential overrides for a specific source definition. This means that for that specific workspace and source definition, Airbyte Cloud will use your OAuth credentials instead of the Airbyte-owned credentials when doing anything OAuth-related.

Once override credentials have been set for a workspace, then it's time to create a source!

Source creation

Since the OAuth credentials have already been set, OAuth sources for that source definition in that workspace will automatically use the override credentials.

The source configuration can be posted to the https://api.airbyte.com/v1/sources endpoint as outlined in the connector specification, including the relevant OAuth credentials and tokens.

When the request returns successfully, a fully functional OAuth source will have been created in the requested workspace.