Why Use OAuth 2.0 for PoolParty Extractor?

Why Use OAuth 2.0?

Here are the main reasons why you should use OAuth 2.0 for the PoolParty Extractor:

  • Best way to use the PoolParty Extractor in a replicated mode.

  • Industry standard.

  • Centralized authentication system.

  • Improved security.

  • Reduce the authorization overhead.

What is OAuth 2.0?

OAuth 2.0 is a way to delegate user credentials management. You can use it to access the PoolParty Extractor API by providing a token instead of a username/password combination. PoolParty only supports the Client Credentials Grant flow. This Keycloak example shows you how to delegate the user credentials management:

  1. The user sends a POST request to the OAuth 2.0 provider and gets back an authorization token. The format of this request follows the OAuth 2.0 standard but it might differ slightly between providers.

    curl --location -g --request POST 'https://[KEYCLOAK_SERVER]/auth/realms/master/protocol/openid-connect/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'username=[USERNAME]' \
    --data-urlencode 'password=[PASSSWORD]' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'client_id=[CLIENT_ID]' \
    --data-urlencode 'claim_token_format=urn:ietf:params:oauth:token-type:jwt'

    The returned token will be a JWT token.

  2. The user sends their request to the PoolParty Extractor. The request shall have an extra header called Authorization with the string value "Bearer ", followed by the token obtained above. It is followed by the token obtained in the example above, using the provided token as a bearer token. The request is answered.