Contents x
    OAuth
      • Print
      • Dark
        Light
      • PDF
      Contents

      OAuth

        • Print
        • Dark
          Light
        • PDF
        Article summary

        Open Authorization (OAuth) is an authorization protocol that acts as an intermediary and facilitates secure access to third-party applications without sharing user credentials, thereby protecting specific resources. Instead of usernames and passwords, OAuth uses tokens, serving as temporary access keys. QuickMeet.Chat offers integrations with various providers such as Google, Apple, and GitHub. This provides flexibility and security so users can log in with any of these credentials. You can also configure custom OAuth methods.

        This section guides you through the required configuration details of each supported method.

        Key features of OAuth integration

        • Controlled access: With the authentication methods, you can decide the user data that the workspace can access.

        • Single Sign-On (SSO): Users can sign in to the workspace without creating new usernames and passwords.

        • Flexibility: You can choose the authentication methods you want to implement in your workspace from the list of available options. Furthermore, you can also set up your own custom OAuth methods in your QuickMeet.Chat workspace.

        Set up your OAuth method

        Go to Administration > Workspace > Settings> OAuth. You can view a list of some OAuth methods that are supported by QuickMeet.Chat, including Google, Github, LinkedIn, etc. Select the method that meets your needs and provide the configuration parameters. Refer to the sub-sections where we go into the details of each method.

        Refresh OAuth services

        To update the options shown on your workspace login page based on your saved settings, click Refresh OAuth Services.

        OAuth apps will have full access to user accounts, including the ability to perform any action on behalf of the user. You must proceed carefully while logging in and refuse access if you don’t trust the OAuth app.

        Add Custom OAuth

        To add a custom OAuth:

        • Click Add custom OAuth.

        • Give a unique name for your custom OAuth.

        • Click Add.

        • When configuring your OAuth Provider, you must include a QuickMeet.Chat callback URL. You will find this URL once you add a custom OAuth method. For example, https://yourcompany.quickmeet.chat/_oauth/customoauth

        • You can enable this method now or after you have configured the settings:

        Field

        Description

        Example value

        URL

        The URL that is issued from the identity provider.

        Okta: https://dev-9879999.okta.com/oauth2/v1

        Token Path

        The token endpoint from the identity provider is used to obtain access tokens.

        /token

        Token Sent Via

        Select whether the token is sent via Header or Payload.

        Header

        Identity Token Sent Via

        Select whether the identity token is sent via Header, Payload, or the same method as the Token sent via field.

        Token sent via

        Identity Path

        The user information endpoint is used to retrieve user data. Enter the path from the user endpoint.

        Okta: /userinfo

        Authorize Path

        Enter the path from the authorization endpoint.

        Okta: /authorize

        Microsoft: /oauth2/authorize

        Scope

        The scope defines the user access level and permissions that you have configured in the identity provider.

        Okta: openid email profile groups offline_access

        Microsoft: openid profile email

        Param Name for access token

        The name of the access token.

        access_token

        Id

        The client ID value from your identity provider.

        0oafgyq3qdYPHa55555

        Secret

        The client secret value from your identity provider.

        QTrbVadjfjhurUzsJHRbteQPHHm8Od6w

        Login Style

        Select the type of the login screen. The options are:

        • Redirect

        • Popup

        • Default

        Popup

        Button Text

        Enter the text that will be displayed on the login button.

        Login with Microsoft

        Button Text Color

        Enter the color of the login text.

        Changing the colors may result in non-compliance with WCAG (Web Content Accessibility Guidelines) requirements. Ensure that the new colors meet the recommended contrast and readability standards to maintain accessibility for all users.

        #FFFFFF

        Button Color

        Enter the color of the login button.

        #1d74f5

        Key Field

        Select the field with which users can log in and which will maintain unique user IDs. The options are:

        • Username

        • Email

        Email

        Username field

        With this field, you can prevent users from selecting their own usernames while signing in for the first time. Thus, users will retain the usernames from the identity provider, maintaining consistency.

        Okta: In the Okta profiles of your users, enter values in the Nickname field.

        In your QuickMeet.Chat custom OAuth method, enter nickname value for this field.

        Microsoft: You can refer to the userinfo endpoint for details.

        Email field

        Enter the supported email claim key.

        Microsoft: email

        Name field

        Enter the supported name claim key.

        Mircosoft: given_name, family_name, or name

        Avatar field

        Enter the user avatar field from your identity provider.

        Okta: picture

        Show Button on Login Page

        Enable this option to show the login button on the workspace login screen.

        Sync configurations

        Roles/Groups field name

        Enter the roles or groups field from the identity provider. This will be used to identify which roles or groups need to be merged when the Merge Roles from SSO field is enabled.

        roles

        Roles/Groups field for channel mapping

        Enter the roles or groups field from the identity provider. This will be used to identify the field that should be used to map roles/groups to QuickMeet.Chat channels.

        Okta: If you have groups for the users, Okta can return the groups claim. See the Okta OpenID Connect and OAuth 2.0 guide for details.

        Keycloak: For an example of how the mapping works in Keycloak, see the Advanced Configuration example.

        User Data Group Map

        The admin user used to create rooms defined in the OAuth Group Channel Map field.

        rocket.cat

        Map Roles/Groups to channels

        Enable this option to add users to QuickMeet.Chat channels.

        Merge Roles from SSO

        Enable this option to merge user roles from the identity provider to the QuickMeet.Chat users.

        Roles to Sync

        List the roles (comma-separated values) that should be synced when the Merge Roles from SSO option is enabled.

        Merge users

        Enable this option to allow users from OAuth to be merged with existing users on the QuickMeet.Chat database.

        Merge users from distinct services

        Enable this option to allow users from OAuth to be merged with existing users regardless of their origin service.

        OAuth Group Channel Map

        From this mapping, users that belong to the specific groups are inserted into all the associated QuickMeet.Chat rooms.

        Note the following points:

        • For this, the Map Roles/Groups to channels field must be enabled.

        • You must also provide the groups in the Roles/Groups field for channel mapping field.

        • Rooms will be created in QuickMeet.Chat if they don’t exist. The User Data Group Map value will be set as the room owner.

        {
    "Managers": "managers-channel"
}

        Here, Managers is the group in the identity provider and managers-channel is the channel in QuickMeet.Chat. Users in the Managers group will be automatically added to managers-channel upon user login or user account creation.

        Save the changes once you’ve configured the custom OAuth method.

        Next, let's delve into the configuration details of each of the supported OAuth options in the following sections.

        Was this article helpful?
        What's Next
        QuickMeet.Chat versions receive support for six months after release. End-of-life for any version is the last day of the month when support ends.