Configure OAuth
- Navigate to the Configure OAuth tab of the module to start the configuration.
- Select the Identity Provider (OAuth Server) from the Select Application dropdown menu. Select Custom OAuth 2.0 Provider if your IDP is not on the list.
- Provide a unique name for your application/IDP in the Custom App Name text field.
- A callback/redirect URL will be generated from the custom app name. You will need it while configuring the OAuth Server. The Callback/Redirect URL is the URL to which the user is redirected after successful authentication.
- Now select the Grant Type based on your use case requirements. The module supports the following grant types:
  - Authorization Code: This method is used when the application exchanges the authorization code for tokens. This is the most popular approach, and it is chosen by default.
  - Authorization Code (With PKCE): This method is used for single-page and mobile applications.
  - Password: This method is used when the application exchanges the user's username and password for tokens.
  - Implicit: This method is used for single-page JavaScript apps to get tokens without an intermediate code exchange step.
- After that, provide the information about your OAuth provider, such as Client ID, Client Secret, Scope, and Endpoints.
  Note: If you have selected an option from the Select Application dropdown, the Scope and Endpoints will be auto-populated; just update the relevant part of these fields.
  - Client ID: A public identifier for the app. It must be unique across all clients that the authorization server handles. You will get it from the OAuth Provider.
  - Client Secret: A secret known only to the client application and the authorization server. You will also get it from the OAuth Provider.
  - Application Type: Select 'OpenID Connect Application' to fetch the user details from an ID token or 'OAuth 2.0 Application' to fetch user details from the UserInfo endpoint.
  - Authorization Endpoint: The authorization endpoint is where the Client application sends the end user to get authenticated.
  - Access Token Endpoints: The access token endpoint is where Client apps request tokens on behalf of users.
  - User Info Endpoints: The userInfo endpoint is an OpenID Connect endpoint that provides information about a user when the Client presents access tokens.
- Once done, click on the Save Configuration button to save the configuration.
- Now click on the Perform Test Configuration button to check the connection between Drupal and the configured OAuth Provider.
- In the Test Configuration popup, if you don't have an active session with your provider in the same browser, you'll be prompted to sign in to the provider. Once successfully logged in, you'll receive a list of attributes retrieved from the Provider.
The module is successfully configured with the OAuth Provider.