
Introduction

API Manager supports OAuth 2.0 authentication using Google as the Identity Provider. This page shows how to set up Google as an Identity Provider and obtain the Client ID and Client Secret needed for creating an OAuth 2.0 security profile. After OAuth 2.0 is configured in both Google and the security profile, members of your Jitterbit org and invited developers will be able to use Google authentication to access and consume your Harmony APIs.

TIPS:

  1. For additional information, see these Google API Console Help topics:
  2. This process involves copying information between the Google API Console and the Harmony API Manager. Launching Google API Console and Harmony API Manager in separate browser windows and leaving each window open will simplify the process.

Creating the Google Client ID and Client Secret

NOTE: These instructions are current as of the date of publication, but they are subject to change as they are taken from the Google website.

  1. Log in to the Google API Console using your Google (Gmail) email address and password.
  2. Create a new Google API project with the name of your choice. The name can be anything, but consider the use case for the Google project and the associated security profile so that the project name and the security profile name are both relevant to it. You can authenticate all your Harmony APIs within the same project, or you might want to create multiple projects to authenticate a specific group of APIs within each project.

    WARNING: Google will reject any API with a redirect URI error if the profile name includes blank spaces. Google also matches the case of mixed case profile names and will reject the API with a redirect error if the redirect URI does not exactly match the mixed case of the profile name assigned in the security profile.

    Detailed steps to create a new Google project:
    1. Log in to the Google API Console using your Google (Gmail) account. You must have at least one Google project to continue. These steps outline the process to create a new Google project.

    2. Click the Create Project blue button in the upper right corner of the page.


    3. Click Create again in the Dashboard popup. 


    4. Provide a Project Name. The name can be anything, but consider the use case for the Google project and the associated security profile so that the project name and the security profile name are both relevant to it. You can authenticate all of your Harmony APIs within the same project, or you might want to create multiple projects to authenticate a specific group of APIs within each project.

      WARNING: Google will reject any API with a redirect URI error if the profile name includes blank spaces. Google matches the case of mixed case profile names and will reject the API with a redirect error if the redirect URI does not exactly match the mixed case of the profile name.



    5. Click on Select a project in the upper left corner to the right of Google APIs and select your new project from the dropdown list. Click on Credentials in the left side bar:


    6. Click on Create Credentials:


    7. Select OAuth Client ID in the resulting popup:


    8. Click the blue Configure Consent Screen button on the right side of the page.
    9. Complete the requirements of the consent screen, then return to the API credentials tab and select OAuth client ID as shown above. NOTE: If you have previously completed this consent screen, you might not be prompted to complete it.

    10. Select Web application, provide a Name for your OAuth Client ID and select Create.


    11. Google generates a client ID and a client secret that Harmony will send as part of the request for validation before allowing a user to consume the API. The OAuth client ID and client secret display in the popup window. The ID and the secret are required to create the security profile in API Manager. For now, leave this browser window open.
  3. Within your project, go to Credentials > OAuth consent screen. Provide a product name that will be visible to users when they authenticate with Google (for example, "Harmony APIs"), then click Save.

  4. Under Credentials > Create Credentials, select OAuth Client ID in the popup. Click on the Configure Consent button.

  5. Select Web application, provide a Name for your OAuth Client ID and select Create.
  6. Upon clicking Create, your OAuth Client ID and Client Secret will be provided.


  7. Harmony will send the Google client ID and the client secret as part of the request for validation before allowing a user to consume the API. These two credentials will be required when Creating a Google OAuth Security Profile in Harmony API Manager. 
  8. Click on OK in the lower right corner to return to the Credentials page.
    • The new project name and client ID display. Click on the Edit icon.

  9. The Client ID for Web Application page displays. The Authorized redirect URIs section displays at the bottom of the page. 
    • Authorized URIs: Enter the authorized redirect URIs for your region.  See Finding My Region.

      • Paste one of the Harmony URIs for your region into the text box at the bottom of the section.
      • Press the return key to save the URI to the list.
      • Repeat these steps for each URI.
        • NA region:
          • Copy these: 
            • https://apps.na-east.jitterbit.com/api-manager/oauthredirect/authcode
            • https://apps.na-east.jitterbit.com/api-manager/swagger-ui/oauthredirect
          • Construct the following URL substituting your Jitterbit org base URL and the name of the security profile you have created for Google OAuth 2.0 authentication:  
            • https://<org base URL>/_oauth/<oauth profile name>

              TIP:

              • Your <org base URL> displays at the top of the My APIs page and is in the format of jitterbittrial#####.jitterbit.net
              • You must enter "jitterbittrial" all in lower case.
        • EMEA region: 
          • Copy these:
            • https://apps.emea-west.jitterbit.com/api-manager/oauthredirect/authcode
            • https://apps.emea-west.jitterbit.com/api-manager/swagger-ui/oauthredirect
          • Construct the following URL substituting your Jitterbit org base URL and the name of the security profile you have created for Google OAuth 2.0 authentication: 
            • https://<org base URL>/_oauth/<oauth profile name>

              TIP:

              • Your <org base URL> displays at the top of the My APIs page and is in the format of jitterbittrial#####.jitterbit.eu
              • You must enter "jitterbittrial" all in lower case.
        • APAC region:
          • Copy these:
            • https://apps.apac-southeast.jitterbit.com/api-manager/oauthredirect/authcode
            • https://apps.apac-southeast.jitterbit.com/api-manager/swagger-ui/oauthredirect 
          • Construct the following URL substituting your Jitterbit org base URL and the name of the security profile you have created for Google OAuth 2.0 authentication: 
            • https://<org base URL>/_oauth/<oauth profile name>

              TIP:

              • Your <org base URL> displays at the top of the My APIs page and is in the format of jitterbittrial#####.jitterbit.cc
              • You must enter "jitterbittrial" all in lower case.
  10. The Login redirect URIs should appear similar to the image shown below once completed.

    • Click the Save button to save the URIs in the program and display the Credentials page. 
    • It may take up to five minutes for the redirect URIs to be accessible.
    • Click on the Edit icon in the Credentials page to return to the Client ID for Web Application page.

      TIP: Leave this page open to facilitate copying information into the security profile.
  11. You can return to Google Developer Dashboard and view your client ID and client secret at any time. Select the Project from the dropdown, select Credentials, hover over the program name and click on the link or click on the Edit icon in the lower right. The client ID, client secret and all assigned redirect URIs display. Additional redirect URIs may be added later as necessary. You can also download the credentials to a JSON file, reset the client secret, or delete this client ID from the project and create a new one.
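
The redirect URI rules above (region-specific Harmony URIs, no blank spaces in the profile name, exact case match) can be checked against the downloaded credentials JSON before testing the profile. The following is an added example, not Jitterbit or Google code; the function names, the sample org and profile, and the assumption that the file has a top-level "web" object with a "redirect_uris" list are illustrative.

```python
import json

# Region data copied from the redirect URI lists on this page:
# region -> (Harmony apps host, suffix of the org base URL).
REGIONS = {
    "NA": ("apps.na-east.jitterbit.com", ".jitterbit.net"),
    "EMEA": ("apps.emea-west.jitterbit.com", ".jitterbit.eu"),
    "APAC": ("apps.apac-southeast.jitterbit.com", ".jitterbit.cc"),
}

def expected_redirect_uris(region, org_base_url, profile_name):
    """Build the three redirect URIs this page says to authorize in Google."""
    apps_host, org_suffix = REGIONS[region]
    if any(ch.isspace() for ch in profile_name):
        raise ValueError("profile name must not contain blank spaces")
    if org_base_url != org_base_url.lower():
        raise ValueError("org base URL must be entered in lower case")
    if not org_base_url.endswith(org_suffix):
        raise ValueError(f"org base URL should end with {org_suffix} in {region}")
    return [
        f"https://{apps_host}/api-manager/oauthredirect/authcode",
        f"https://{apps_host}/api-manager/swagger-ui/oauthredirect",
        f"https://{org_base_url}/_oauth/{profile_name}",
    ]

def audit_redirect_uris(credentials_json, region, org_base_url, profile_name):
    """Report expected URIs that are missing or only loosely match in Google."""
    registered = json.loads(credentials_json)["web"].get("redirect_uris", [])
    findings = []
    for uri in expected_redirect_uris(region, org_base_url, profile_name):
        if uri in registered:
            continue  # exact, case-sensitive match: what Google requires
        near = [r for r in registered if r.rstrip("/").lower() == uri.lower()]
        findings.append(f"MISMATCH {near[0]} should be {uri}" if near
                        else f"MISSING {uri}")
    return findings

# Constructed sample: the Harmony profile is named "GoogleOAuth", but the URI in
# Google was typed in lower case and the swagger-ui URI was never added.
SAMPLE_CREDENTIALS = json.dumps({"web": {
    "client_id": "EXAMPLE-CLIENT-ID.apps.googleusercontent.com",
    "redirect_uris": [
        "https://apps.na-east.jitterbit.com/api-manager/oauthredirect/authcode",
        "https://jitterbittrial12345.jitterbit.net/_oauth/googleoauth",
    ]}})
SAMPLE_ARGS = ("NA", "jitterbittrial12345.jitterbit.net", "GoogleOAuth")

if __name__ == "__main__":
    print("\n".join(audit_redirect_uris(SAMPLE_CREDENTIALS, *SAMPLE_ARGS)))
```

An empty result means every URI Harmony will present is registered exactly as written; a MISMATCH line points at the case or trailing-slash difference that produces the redirect error described in the warnings above.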

Creating a Google OAuth 2.0 Security Profile

  1. Log in to Harmony in a separate browser window, select the API Manager application card, and select Security Profiles in the My APIs dropdown menu. 


  2. Click on the Create New Profile button in the upper right corner. The View/Edit Security Profile page displays as shown below.

    • Name: Provide a name for the profile.
    • Environment: Select the environment the security profile will be assigned to from the dropdown list.
    • Description: Provide a description of the profile and assigned APIs.

      WARNING: Google will reject any API with a redirect URI error if the profile name includes blank spaces. Google matches the case of mixed case profile names and will reject the API with a redirect error if the redirect URI does not exactly match the mixed case of the profile name.

  3. Scroll down to Type.

    • Type: Select OAuth 2.0 in the dropdown menu.
    • OAuth Provider: Select Google in the dropdown menu.

  4. Scroll down to OAuth Client ID.
    • OAuth Client ID: The Client ID is generated within the Google API Console as described in Creating the Google Client ID and Client Secret.
      • Return to the open browser window displaying the Google Client ID for Web Application page. 
      • Copy the Client ID from Google and paste into the OAuth Client ID field in the View/Edit Security Profile page as shown in the image above.
    • OAuth Client Secret: The Client Secret is generated within the Google API Console as described in Creating the Google Client ID and Client Secret.
      • Return to the open browser window displaying the Google Client ID for Web Application page. 
      • Copy the Client Secret from Google and paste into the OAuth Client Secret field in the View/Edit Security Profile page as shown in the image above.

  5. Scroll down to OAuth Authorization URL.

    • OAuth Authorization URL: This field is optional and is populated with the standard Google authorization URL. Replace this URL with your Google custom authorization URL if required.
    • OAuth Token URL: This field is optional and is populated with the standard Google token URL. Replace this URL with your Google custom token URL if required.
    • User Info URL: This field is optional and is populated with the standard Google user information URL. Replace this URL with your Google custom user information URL if required.
    • Test Client ID + Secret: The button will change from gray to orange indicating the client ID and client secret fields are populated and the connection may be tested. Click on the Test Client ID + Secret button to test the connection between Harmony and Google.

  6. Enter your credentials into the Google popup window.


  7. A separate browser window displays a message in the upper left corner of the page indicating if the Client ID + Secret verified successfully.
    • If the test failed:
      • Verify the Client ID and Client Secret are correct in the security profile.
      • Verify the OAuth Authorization URL, OAuth Token URL, and User Info URL are correct in the security profile if you are using custom Google URLs.
      • Verify the Callback URLs in the Google Application are correct for your org base URL, security profile name, and region.
    • If the test is successful, close this page to return to the View/Edit Security Profile page.

  8. Scroll down to Logging.
    • Complete the settings in the Authorized Domains, Logging, Trusted IP Ranges and Rate Limit sections. See Security Profiles and Harmony API Security for additional information about these security settings.
    • Click on the Save button at the bottom of the page when all settings are complete.

Assign the Google OAuth 2.0 Security Profile to an API

  1. Log in to Harmony, select the API Manager application card, and select My APIs from the dropdown menu.
  2. Hover over the API card and select View/Edit.


  3. Scroll down to the Security Profiles section and click on the Edit icon.


  4. The Assign Security Profile page displays as shown below.

    • Select the Google OAuth 2.0 security profile from the dropdown list.
    • Click Assign Profile.
    • Click Save Changes.
    • Click Save Changes.
    • Click Save & Publish.

  5. After selecting Save & Publish, the API is live and accessible. Select the Copy URL icon, and paste the link into your browser.


  6. A popup window will display asking you to log in to Google.  

    • Enter your Email and Password. Sign into Google.

  7. If the authentication is successful, the expected payload will display in your browser.

    • If the API does not run successfully:
      • Verify the Client ID and Client Secret were copied correctly into the security profile.
      • Verify the OAuth Authorization URL, OAuth Token URL, and User Info URL are correct in the security profile if you are using custom Google URLs.
      • Verify the Login redirect URIs in the Google Web Application are correct for your org base URL, security profile name, and region.


Last updated:  Aug 09, 2019

