The documentation you are viewing is for Dapr v1.13 which is an older version of Dapr. For up-to-date documentation, see the latest version.
OAuth2
Use OAuth2 middleware to secure HTTP endpoints
The OAuth2 HTTP middleware enables the OAuth2 Authorization Code flow on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
Component format
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: oauth2
spec:
type: middleware.http.oauth2
version: v1
metadata:
- name: clientId
value: "<your client ID>"
- name: clientSecret
value: "<your client secret>"
- name: scopes
value: "https://www.googleapis.com/auth/userinfo.email"
- name: authURL
value: "https://accounts.google.com/o/oauth2/v2/auth"
- name: tokenURL
value: "https://accounts.google.com/o/oauth2/token"
- name: redirectURL
value: "http://dummy.com"
- name: authHeaderName
value: "authorization"
- name: forceHTTPS
value: "false"
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.Spec metadata fields
Field | Details | Example |
---|---|---|
clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
scopes | A list of space-delimited, case-sensitive strings of scopes which are typically used for authorization in the application | "https://www.googleapis.com/auth/userinfo.email" |
authURL | The endpoint of the OAuth2 authorization server | "https://accounts.google.com/o/oauth2/v2/auth" |
tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | "https://accounts.google.com/o/oauth2/token" |
redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | "https://myapp.com" |
authHeaderName | The authorization header name to forward to your application | "authorization" |
forceHTTPS | If true, enforces the use of TLS/SSL | "true" ,"false" |
Dapr configuration
To be applied, the middleware must be referenced in configuration. See middleware pipelines.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: appconfig
spec:
httpPipeline:
handlers:
- name: oauth2
type: middleware.http.oauth2
Related links
- Configure API authorization with OAuth
- Middleware OAuth sample (interactive)
- Middleware
- Configuration concept
- Configuration overview
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.