Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ResponseOps][Connectors] Support OAuth 2.0 authentication on the webhook connector. #216140

Open
cnasikas opened this issue Mar 27, 2025 · 1 comment
Open

[ResponseOps][Connectors] Support OAuth 2.0 authentication on the webhook connector. #216140

cnasikas opened this issue Mar 27, 2025 · 1 comment
Labels
Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@cnasikas
Copy link
Member

The webhook connector currently supports basic and SSL client authentication. We need to extend it to support OAuth 2.0 authentication. Because Kibana needs to automatically refresh the tokens without user interaction, we should support the Client Credentials grant type suitable for Machine-to-machine (M2M) authentication. We should implement the OAuth 2.0 authentication as defined in the OAuth 2.0 RFC 6749, section 4.4. We assume that external services comply with the RFC. This means that the schema of the request and of the response should comply with the RFC.

Users should be able to configure:

  • The access token URL. This is used to get the token.
  • The client ID.
  • The client secret.
  • The scope.
  • Client authentication method. This means that users can select if the client ID and secret will be used to produce a Basic authentication header or if the client ID and secret will be part of the request's body. We may omit this option for the MVP.

DoD

  • Users can configure the Webhook connector to use OAuth 2.0 authentication with the Client Credentials grant type.
  • Tokens are being refreshed automatically.
  • Tokens are stored and used if they are not expired.
  • The intermediate release process is followed.
  • Testing coverage.
@cnasikas cnasikas added Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Mar 27, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cnasikas @elasticmachine