OAuth2Authorize
New to Analytica 6.6
Requires Analytica Enterprise or better.
This function provides a way to log into a web service provider that uses OAuth2, such as Google Docs, Salesforce, Microsoft, Dropbox, Github, Slack, Box and many others.
At the present time, this only works from desktop Analytica (not ACP).
OAuth2Authorize( client_id, auth_url, token_url, client_secret, scope, timeout, extra_auth_params, redirect_port )
Obtains an OAuth2 access token from a service provider using the OAuth 2.0 Authorization Code Flow. This function initiates the authorization sequence by opening a browser window or tab where the user logs in and consents to the requested permissions. Upon successful authentication, the function captures the authorization response and returns the access token, which can then be used to authorize subsequent API requests.
This flow is commonly used by APIs from services such as Google Docs, Salesforce, Microsoft, Dropbox, Github, Slack, Box, and many others.
Before using this function, you must register a Desktop application with your provider and create a client ID. For example, to use Google APIs, visit the Credentials page in your GCP console, select "Create Credentials" → "OAuth Client ID", and choose "Desktop App" as the application type. Set the redirect URI to "http://localhost". After completing this setup, your provider will issue the required values for «client_id», «auth_url», «token_url», and possibly «client_secret». You will also need to determine the appropriate «scope» string(s) for your use case.
Example
Variable OAuth_token := OAuth2Authorize( client_id, auth_url, token_url, client_secret: client_secret, scope: "https://www.googleapis.com/auth/documents.readonly" )
The result is an access token string, typically a long sequence of characters. This token can be included in HTTP request headers, such as:
ReadFromURL( ..., httpHeaders: f"Authorization: Bearer {OAuth_token}" )
Parameters:
- «client_id»
- The client ID issued by your OAuth provider when registering your application.
- «auth_url»
- The authorization endpoint URL, used to initiate the login and consent flow.
- «token_url»
- The token endpoint URL, used to exchange the authorization code for an access token.
- «client_secret»
- (Optional) The client secret issued with your client ID. Not required if using PKCE (recommended).
- «scope»
- (Optional) A space-separated list of scopes that define the permissions being requested (e.g., read access to documents). The required scopes are provider-specific.
- «timeout»
- (Optional, default = 120) The number of seconds to wait for the user to complete login before giving up.
- «extra_auth_params»
- (Optional) A list or table of additional parameters to include in the initial authorization request, such as prompt or access_type. Format is provider-specific.
- «redirect_port»
- (Optional) The specific local port number to listen on for the redirect callback. Defaults to a dynamically assigned unused port.
Using the token
Once you have received the token from OAuth2Authorize, you can pass this to web service calls in the HTTP headers using:
ReadFromURL( url, httpHeaders: f"Authorization: Bearer {token}" )
Alternatively, you can call
_SetAuthorizationKey( urlPrefix, f"Bearer {token}" )
one time prior to making any ReadFromURL calls. When the url starts with the prefix, it will automatically insert the authorization, simplifying your calls to just
ReadFromURL(url)
Enable comment auto-refresher