OAuth Authz Code Browser Authentication with Escape
Description
The 'OAuth Authorization Code Browser' preset implements the OAuth 2.0 Authorization Code grant type (RFC 6749, Section 4.1):
- Authorization Endpoint: Users are automatically redirected to the OAuth provider's authorization server where they authenticate.
- Browser Automation: The system automatically fills in user credentials and handles the authorization flow without user interaction.
- Code Exchange: Authorization codes are automatically extracted from the redirect URI and exchanged for access tokens.
- PKCE Support: Implements Proof Key for Code Exchange (RFC 7636) for enhanced security by default.
- Token Management: Automatically handles access tokens and refresh tokens, injecting Bearer tokens into authenticated requests.
Performance Note: This authentication method requires browser automation to handle the interactive authorization flow, making it less efficient than API-only methods like OAuth Client Credentials or Resource Owner Password Credentials that use only programmatic HTTP requests. Use this method when the OAuth provider requires user interaction or when maximum security is needed.
Security: This flow is the most secure OAuth 2.0 grant type as it never exposes user credentials to the client application and includes PKCE protection against authorization code interception attacks.
Use Cases: Ideal for web applications, mobile apps, and any scenario where you need to authenticate users through third-party OAuth providers (Google, GitHub, Auth0, etc.) while maintaining the highest security standards.
Examples

```yaml
presets:
  - type: oauth_authz_code_browser
    authorization_url: https://auth.example.com/oauth/authorize
    token_url: https://auth.example.com/oauth/token
    client_id: your_client_id
    client_secret: your_client_secret
    login_timeout: 30
    redirect_uri: https://your-app.com/callback
    use_pkce: true
    scopes:
      - read
      - write
    users:
      - username: user1
        password: pass1
      - username: user2
        password: pass2
      - username: user3
        password: pass3
        scopes:
          - admin
```
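The four steps the preset automates (PKCE challenge, authorization redirect, code extraction from the callback, code exchange and Bearer injection) can be followed in plain Python. The block below is an added illustration written for this page, not Escape's own implementation; the endpoint, client and redirect values are constructed to mirror the YAML example above, the callback URL is faked in place of the browser automation, and `TOKEN_URL` is only built into the request body rather than actually called. The PKCE test vector is the one from RFC 7636 Appendix B; the `state` check is the callback-forgery defence RFC 6749 section 10.12 asks for.

```python
import base64
import hashlib
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values that mirror the preset's fields; none of these are real endpoints.
AUTHORIZATION_URL = "https://auth.example.com/oauth/authorize"
TOKEN_URL = "https://auth.example.com/oauth/token"
REDIRECT_URI = "https://your-app.com/callback"
CLIENT_ID = "your_client_id"


def make_code_verifier(num_bytes: int = 64) -> str:
    """RFC 7636 section 4.1: 43..128 unreserved characters; token_urlsafe yields base64url."""
    verifier = secrets.token_urlsafe(num_bytes)
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier length outside the RFC 7636 range")
    return verifier


def make_code_challenge(verifier: str) -> str:
    """RFC 7636 section 4.2, method S256: BASE64URL(SHA256(ASCII(verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(scopes, state: str, code_challenge: Optional[str] = None) -> str:
    """Step 1: the URL the browser is sent to (RFC 6749 section 4.1.1 plus the PKCE parameters)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # bound to this login attempt so the callback can be checked
    }
    if scopes:
        params["scope"] = " ".join(scopes)
    if code_challenge is not None:  # the use_pkce: true case
        params["code_challenge"] = code_challenge
        params["code_challenge_method"] = "S256"
    return f"{AUTHORIZATION_URL}?{urlencode(params)}"


def extract_code(callback_url: str, expected_state: str) -> str:
    """Step 2: read the code off the redirect URI, rejecting error responses, a callback
    on the wrong host/path, and a state that differs from the one we sent (RFC 6749 section 10.12)."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback did not land on the registered redirect_uri")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"authorization server returned error={query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: stale or forged callback")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def build_token_request(code: str, code_verifier: str, client_secret: Optional[str] = None) -> dict:
    """Step 3: form body POSTed to token_url (RFC 6749 section 4.1.3; code_verifier per RFC 7636 section 4.5)."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }
    if client_secret is not None:  # confidential clients also present their secret
        body["client_secret"] = client_secret
    return body


def bearer_headers(access_token: str, user_headers: Optional[dict] = None) -> dict:
    """Step 4: headers for authenticated requests; a user's optional 'headers' from the preset are merged in."""
    headers = {"Authorization": f"Bearer {access_token}"}
    headers.update(user_headers or {})
    return headers


if __name__ == "__main__":
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(["read", "write"], state, make_code_challenge(verifier)))
    # The browser automation would log the user in here; we fake the resulting redirect instead.
    fake_callback = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    code = extract_code(fake_callback, state)
    print("POST", TOKEN_URL, build_token_request(code, verifier, client_secret="your_client_secret"))
```

The `state` value and the `code_verifier` must be kept per login attempt and discarded afterwards; reusing either across users defeats the checks, which is why the preset keeps separate credentials per entry in `users`.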
Extensive Configuration

Properties marked with * are required.

Property | Type | Default | Description |
---|---|---|---|
authorization_url * | string | | The URL of the OAuth 2.0 authorization endpoint where users will be redirected to log in |
client_id * | string | | The client ID to use for the OAuth requests |
client_secret * | string | | The client secret to use for the OAuth requests |
login_timeout | integer | 30 | Timeout in seconds to wait for the login process to complete |
redirect_uri * | string | | The redirect URI registered with the OAuth provider. The authorization code will be extracted from this callback. |
scopes | List[string] | null | Default scopes to request. Can be overridden per user. |
token_url * | string | | The URL of the OAuth 2.0 token endpoint used to exchange authorization codes for tokens |
type * | Const[oauth_authz_code_browser] | oauth_authz_code_browser | |
use_pkce | boolean | true | Whether to use PKCE (Proof Key for Code Exchange) for enhanced security. Recommended for public clients. |
users * | List[OAuthAuthorizationCodeBrowserUserPreset] | | A list of users to authenticate |
Objects
OAuthAuthorizationCodeBrowserUserPreset

Property | Type | Default | Description |
---|---|---|---|
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authenticated requests. |
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authenticated requests. |
password * | string | | The password of the user for the authorization server. |
query_parameters | Dict[string, string] | null | Optional query parameters injected during the authentication process and in authenticated requests. |
scopes | List[string] | null | A list of scopes to request for the user. If not specified, no scope will be requested. |
username * | string | | The username of the user. |