Skip to main content
OAuth 2.0

Integrate third-party OAuth 2.0 vendors into workflows. Know your flow, set up tokens, and manage access in Torq.

Updated over a month ago

Use this integration to connect with any third-party vendor that uses OAuth 2.0.

Provide the access token maintained by the OAuth 2.0 integration as input for the steps of the third-party service that you want to include in your workflows.

Before you begin, you need to know which flow is supported by the third-party service you want to connect to:

Client Credentials

The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.

Create an OAuth 2.0 Integration in Torq - Client Credentials Grant Type

  1. Go to Build > Integrations > Steps > OAutho 2.0 and click Add.

  2. Type a meaningful name for the integration. You will not be able to change this later.

    Create an OAuth 2.0 integration with the Client Credentials grant type
  3. Select the Client Credentials option in the Grant Type field.

  4. Get the rest of the information from the third-party service.

    1. Client ID and Client Secret are the OAuth 2.0 standard authentication details.

    2. Token URL is the endpoint used for generating OAuth 2.0 access tokens.

    3. (Optional) Scopes are the permissions set on the token.

  5. To use the access token maintained by the integration, use ##{{ $.integrations. .access_token }} in the token input field of the steps in your workflow. For example (replace oauth_client_credentials_integration_name with the name of the integration you created):

    Use the integration token in a Torq step

Example: Create an OAuth 2.0 Integration with the Client Credentials Grant Type for Torq

This example shows how to create an OAuth 2.0 integration to make sure you always have a viable Torq access token you can use in Torq steps. Getting the required information from a different third-party service provider may vary. This example is meant to give you a sense of the actions you need to take.

  1. In Torq, click your workspace icon/avatar.

  2. Click API Keys > Create API Key.

    Create A Torq API key
  3. Give the API key a meaningful name and click Create.

  4. Copy the Client ID and Client Secret to use when you create the OAuth 2.0 integration in Torq.

  5. To use the always valid access token maintained by the OAuth 2.0 integration you created in Torq steps, add a Torq step to the designer and enter ##{{$.integrations. .access_token}} in the TORQ_ACCESS_TOKEN field. Replace with the name of the OAuth 2.0 integration you created.​

    Use the integration token in a Torq step

Authorization Code

The Authorization Code grant type is used by clients to obtain an access token from a service provider with the permission of the resource owner (the user).

Create an OAuth 2.0 Integration in Torq - Authorization Code Grant Type

  1. Go to Build > Integrations > Steps > OAuth 2.0 and click Add.

  2. Type a meaningful name for the integration instance. This cannot be changed later.

  3. Select the Authorization Code option in the Grant Type field.

  4. Get the rest of the information from the third-party service.

    1. Client ID and Client Secret are the OAuth 2.0 standard authentication details.

    2. Token URL is the endpoint used for generating OAuth 2.0 access tokens.

    3. Auth URL is the endpoint where the user is redirected to grant permission for the application to access their resources.

    4. (Optional) Scopes are the permissions set on the token.

  5. The Authorized Redirect URI for the third party should be copied from the Callback URL displayed in the integration popup.

    Create an OAuth 2.0 integration with the authorization code grant type
  6. To use the access token maintained by the integration use {{ $.integrations.<your OAuth 2.0 integration name>.access_token }} in the token input field of the steps in your workflow.

Example: Create an OAuth 2.0 Integration with the Authorization Code Grant Type for Google Workspace

This example shows how to create an OAuth 2.0 integration to make sure you always have a viable Google Workspace access token you can use in Google Workspace steps. Getting the required information from a different third-party service provider may vary. This example is meant to give you a sense of the actions you need to take.

  1. Log in to your Google Workspace project: console.cloud.google.com.

  2. Go to APIs & Services > +ENABLE APIS AND SERVICES. Select the cards of the APIs you want to use in Torq and make sure they are enabled.

    Use the integration token in workflow steps
  3. Go to Credentials > +CREATE CREDENTIALS and select OAuth client ID.

    Enable APIs and services in Google Workspace
  4. Provide the following information and click CREATE.

    1. Application type: Web application.

    2. Name: provide a meaningful name.

    3. Authorized Javascript origins: https://app.torq.io or EU: https://app.eu.torq.io

    4. Authorized redirect URIs: Copy the value of the Callback URL field in the integration creation form in Torq https://redir.torq.io/integrations/oauth_2. ​

      Create credentials in Google Workspace
      Copy the Callback URL from the integration creation form
  5. Copy the Client ID and Client Secret and save them for the next step.

  6. Create an OAuth 2.0 integration in Torq with the following additional information:

    1. Auth URL: https://accounts.google.com/o/oauth2/v2/auth?access_type=offline. The Auth URL is available in the Google Workspace documentation. Request offline access to the scopes associated with the token (access_type=offline) to enable the refresh of the access token without prompting the user for permission (including when the user is not present).

    2. Token URL: https://oauth2.googleapis.com/token. The Token URL is available in the Google Workspace documentation.

    3. Scopes: https://www.googleapis.com/auth/drive.metadata.readonly. This is just an example; provide the scopes according to your needs.

  7. To use the always valid access token maintained by the OAuth 2.0 integration you created in Google Workspace steps (according to the requested scopes), provide {{$.integrations. .access_token}} as the access token. Replace with the name of the OAuth 2.0 integration you created.

When updating an integration, attempting to create an integration after a failure, or creating a new integration with the same credentials, you may need to go to https://myaccount.google.com/u/0/permissions, select your app, and click REMOVE ACCESS.

Also, see Torq's Confluence documentation for an additional example of an OAuth 2.0 integration using the Authorization Code type.

Refresh Token

When you receive an access token for OAuth authentication, it may have information about an expiration period and a refresh token attached.

{
    "access_token": "",
    "refresh_token": "",
    "token_type": "bearer",
    "expires_in": 3600
}

A refresh token can be used to get a new access token before the expiration without user interaction. The OAuth 2.0 integration sends periodic requests to refresh the access token before it expires.

Create an OAuth 2.0 Integration in Torq - Refresh Token Grant Type

  1. Go to Build > Integrations > Steps > OAuth 2.0 and click Add.

  2. Type a meaningful name for the integration instance.

  3. Select the Refresh Token option in the Grant Type field.

  4. Get the rest of the information from the third-party service.

    1. Client ID and Client Secret are the OAuth 2.0 standard authentication details.

    2. Refresh URL is the endpoint used for generating and refreshing OAuth 2.0 access tokens.

    3. Refresh Token is the refresh token provided when you first get your OAuth 2.0 access token.

  5. To use the access token maintained by the integration, use {{ $.integrations.<your OAuth 2.0 integration name>.access_token }} in the token input field of the steps in your workflow. For example (replace oauth_refresh_token_integration_name with the name of the integration you created):

    Use the integration token in workflow steps

This is the structure of the requests to refresh a token that is sent by the OAuth 2.0 integration:

{ "refresh_token": " ", "grant_type": "refresh_token" }

The client ID and client secret are passed in the headers via basic access authentication. The integration can't be created for service providers that require a different format or additional data for the token refresh.

Example: Create an OAuth 2.0 Integration with the Refresh Token Grant Type for Dropbox

This example shows how to create an OAuth 2.0 integration to make sure you always have a viable Dropbox access token you can use in Dropbox steps. Getting the required information from a different third-party service provider may vary. This example is meant to give you a sense of the actions you need to take.

  1. Click Create apps.

  2. Choose a type of access and give your app a meaningful name.

    Create a OAuth 2.0 integration with the refresh token grant type
  3. Copy the app key and secret to use as the Client ID and Client Secret when you create the OAuth 2.0 integration in Torq.

    Use the integration token in workflow steps
  4. Go to the OAuth 2 section and add https://127.0.0.1 as a Redirect URI.

    Create a new app in Dropbox
  5. Set the Dropbox App permissions by clicking on the Permissions tab.

    Copy Dropbox app key and secret
  6. Enter the following URL (replace with the App key) in your browser: https://www.dropbox.com/oauth2/authorize?client_id= &response_type=code&redirect_uri=https://127.0.0.1&token_access_type=offline

    Dropbox Redirect URIs
  7. Copy the code you got in the browser:​

    Dropbox Permissions tab
  8. Run the following cURL command in a terminal. Replace <CODE FROM THE PREVIOUS STEP> with the code you just copied.

    1. curl https://api.dropbox.com/oauth2/token \
      -d code=<CODE FROM PREVIOUS STEP> \
      -d grant_type=authorization_code \
      -d redirect_uri=https://127.0.0.1 \
      -u <CLIENT ID>:<CLIENT SECRET>

      You can use any API platform to run this command. Use Torq to run the command by creating a step from the cURL command and executing it. If you’re not using cURL, use application/x-www-form-urlencoded as the request content type (automatically done for you when using Torq).

  9. The output is a JSON object. Copy the refresh token to use when you create the integration in Torq.

    1. {
      "access_token": "<ACCESS TOKEN>",
      "token_type": "bearer",
      "expires_in": 14399,
      "refresh_token": "<REFRESH TOKEN>",
      "scope": "account_info.read",
      "uid": "*",
      "account_id": "<ACCOUNT ID>"
      }

  10. Get the refresh URL from the Dropbox OAuth documentation: https://api.dropbox.com/oauth2/token.

  11. Create an OAuth 2.0 integration in Torq. If your integration is created successfully, the first token refresh was successful, and the token will be refreshed periodically behind the scenes.

  12. To use the repeatedly refreshed token provided by the OAuth 2.0 integration you created in Dropbox steps, add a Dropbox step to the designer and Switch to HTTP mode.

  13. Enter {{ $.integrations.<OAuth 2.0 integration name>.access_token }} in the TOKEN field. Replace <OAuth 2.0 integration name> with the name of the OAuth 2.0 integration you created in Torq.




Did this answer your question?