Closed kyvosdevelopers closed 7 months ago
Internal tracking: W-14604684
Hi Rupesh, can you try to specify client secret as blank with PKCE enabled, and set following oauth capability in oauthConfig.xml as well?
<entry>
<key>OAUTH_CAP_CLIENT_SECRET_IN_URL_QUERY_PARAM</key>
<value>true</value>
</entry>
more info about oauth caps: https://tableau.github.io/connector-plugin-sdk/docs/oauth#oauth-capabilities
thanks!
Hi ,
Thanks for your help, By setting above property it worked now.
Regards- Rupesh
Issue has been resolved, closing it.
Hi Tableau Team,
We have implemented Tableau connector for Kyvos. we want to add support of OAuth connectivity in Kyvos connector.
we are referring below tableau documentation for OAuth implementation - https://tableau.github.io/connector-plugin-sdk/docs/oauth#site-level-oauth-clients
we are successfully able to do OAuth Connectivity with specifying client id and client secret in OAuthConfig.xml file.
we are using custom OAuth config on Kyvos connector, and below is the problem we are facing -
we want to implement OAuth connectivity using PKCE without specifying client secret in OAuthConfig.xml as we do not want to expose or show client secret in OAuthConfig file due to security and privacy concern, but when we remove client secret tag from OAuthConfig.xml, tableau is not able to parse OAuthConfig.xml as it seems client secret is mandatory to be specified in OAuthConfig.xml file. is there any way not to use client secret in OAuthConfig.xml when PKCE is enabled ?
we tried to specify client secret as blank with PKCE enabled, we are successfully able to get authorization code in this case, but while getting Token we are getting below issue on Tableau -
An error occurred while communicating with data source 'Untitled Data Source' Authentication failed. Error Code: 84223ADA 401 Unauthorized POST https://example.oauthprovider.com/oauth2/default/v1/token
After analysing request response parameters using request response analyser tool and below is the observation -
While fetching token, request header is sent along with authorization code and code verifier. below is the issue we saw in request analyser tool -
{ "error": "invalid_client", "error_description": "Client authentication failed. Either the client or the client credentials are invalid." }
Now we have removed request header from request and added client id in request parameter and then again executed request from request analyser tool, now we are successfully able to get token.
Can you please suggest, is there any way to fix above issue, where we do not specify client secret in OAuthConfig.xml and PKCE is enabled.
Please let me know if any detailed information is required.
Regards- Rupesh