In this example, the authorization server is the Google
authorization server.
Before you begin
- As an administrator, you have obtained OAuth 2.0 client credentials from the authorization server.
- As an administrator, you have configured the authorization server.
- You have been assigned a global role with the Security Administration capability.
Procedure
- Go to .
- In the Authentication field of the toolbar, select OAuth from the drop-down list.
- Click the Configure authentication icon next to the drop-down list.
- In the Connection tab, fill in the following fields.
  Note: In the Scope field, the email profile value indicates that you want to know the user’s email address and basic profile information.
- In the User Attribute Mapping tab, map Google's attributes to the Talend Data Catalog ones.
- In the Request Headers tab, click Add header and enter extra parameters to be added in the HTTP requests to the external authentication server.
- In the Group Mappings tab, map the group attribute from the external user account to the Talend Data Catalog group name.
  To enable the automatic group assignment, you can fill in the Groups attribute with the corresponding field name in the user account information. Talend Data Catalog uses the value of this field as the security group assignment.
  The user account information is returned from the OAuth server to Talend Data Catalog after the OAuth server validates an access token upon a login request.
  You can also map individual values assigned to the OAuth attribute that maps to the Groups in Talend Data Catalog.
  You can use the wildcard ("%") when configuring the group mappings. The % matches zero or more characters.
  When populating an OAuth attribute for group assignment, you switch from native, manually managed group assignment to OAuth-driven, automatic group assignment for all OAuth users. As an OAuth user, you lose the previous native group assignment the next time you log in.
  When deleting the last OAuth attribute for group assignment, you switch from OAuth-driven group assignment to native group assignment. Any OAuth user will be associated with the Guest group until the users are manually assigned to other groups.
- Save your changes.
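The "%" wildcard in the Group Mappings step decides which security groups an OAuth user receives at login, so it is worth previewing what each pattern matches before saving. The following is an added example, not Talend Data Catalog code: it models "%" as zero or more characters, as stated above, and lists which external group values each mapping would match. The attribute name groups, the mappings, the group values, and the choice of case-sensitive whole-value matching are all assumptions made for illustration.

```python
import re

def like_to_regex(pattern):
    """Compile a mapping pattern in which '%' matches zero or more characters."""
    # Everything except '%' is treated literally (assumption: no other wildcards).
    return re.compile(".*".join(re.escape(p) for p in pattern.split("%")), re.DOTALL)

def resolve_groups(userinfo, groups_attribute, mappings):
    """Return the catalog groups a user would receive from the given mappings."""
    raw = userinfo.get(groups_attribute, [])
    values = [raw] if isinstance(raw, str) else list(raw)
    assigned = set()
    for pattern, catalog_group in mappings:
        rx = like_to_regex(pattern)
        # Assumption: the pattern must match the whole value, case-sensitively.
        if any(rx.fullmatch(v) for v in values):
            assigned.add(catalog_group)
    return sorted(assigned)

def broad_matches(mappings, known_values):
    """For each pattern, list every known external group value it matches."""
    return {
        pattern: [v for v in known_values if like_to_regex(pattern).fullmatch(v)]
        for pattern, _ in mappings
    }

# Constructed sample data: hypothetical mappings and external group values.
MAPPINGS = [
    ("catalog-admins", "Administrators"),
    ("%steward%", "Data Stewards"),
    ("eng-%", "Engineering"),
]
KNOWN = ["catalog-admins", "data-stewards", "ex-stewards-archive",
         "eng-platform", "eng-", "finance"]
# Constructed user account information with a hypothetical "groups" attribute.
USER = {"sub": "0000", "email": "user@example.com",
        "groups": ["eng-platform", "ex-stewards-archive"]}

if __name__ == "__main__":
    print("assigned:", resolve_groups(USER, "groups", MAPPINGS))
    for pattern, hits in broad_matches(MAPPINGS, KNOWN).items():
        print(f"{pattern!r} matches {hits}")
```

In the constructed data, the pattern %steward% also matches ex-stewards-archive, which shows how a leading and trailing wildcard can assign a group to more users than intended.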
Results
You can log in to Talend Data Catalog through Google.
Below is an example of the data that can be returned in JSON.
{
  "sub": "110248495921238986420",
  "name": "Aaron Parecki",
  "given_name": "Aaron",
  "family_name": "Parecki",
  "picture": "https://lh4.googleusercontent.com/-kw-iMgD_j34/AAAAAAAAAAI/AAAAAAAAAAc/P1YY91tzesU/photo.jpg",
  "email": "aaron.parecki@okta.com",
  "email_verified": true,
  "locale": "en",
  "hd": "okta.com"
}
As Google's attributes have been mapped to the Talend Data Catalog ones in User Attribute Mapping, you can see the user information retrieved from Google.