Create an OAuth2.0 Connector

The OAuth2.0 connector allows you to easily connect SigningHub with any third-party authentication service that supports OAuth2.0 protocol like Google, LinkedIn, SalesForce, and Facebook. The "Auth URL" provided in the connector will be used for identifying the third-party service configured in the connector and then authenticating the end users a the time of both logging into SigningHub and performing signatures.

Create an OAuth2.0 connector

Click the "Configurations" option from the left menu.
Choose the "Connectors" option.
The "Connectors" screen will appear.
Click the add icon from the grid header.
A dialog window appears where you can add the connector details. The connector dialog is comprised of two screens i.e., Basic Information and Details. Select OAuth2.0" from the list of providers and specify the basic information. Click the "Next" button to provide the respective connector details as required by the third-party service; leave the rest empty.
Click the "Finish" button. A new connector will be created and displayed in the list. See the table below for description of the fields. The OAuth2.0 connector has been added and can be used in an authentication profile.

Basic Information Section
Fields	Description
Name	Specify a unique name for this connector, i.e. My Google. This connector will be used in the configuration of Authentication Profiles.
Provider	Select the provider for this connector, i.e. "OAuth2.0".
Purpose	This field will display the purpose of the selected provider above, i.e. the purpose of "OAuth2.0" is "Authentication".
Active	Select to make this connector active. Keep the check box empty to make the connector In-active. An inactive connector cannot be configured in the Authentication Profiles.
Next	Displays the "Details" section.

The following table describes the fields on the "Details" section of this dialog.

Details Section
Fields	Description
Logo	Select an appropriate image in the jpeg, jpg, gif or png format for the connector's logo that will be displayed on the login screen.
Auth URL	Enter the endpoint as provided by the third-party authentication server. For example, "https://accounts.google.com/o/oauth2/v2/auth" is for Google.
Client ID	Enter the registered client ID as provided by the third-party authentication server. By default, the text is masked with asterisks, you can click to view the entered text.
Client Secret	Enter the client secret as provided by the third-party authentication server. By default, the text is masked with asterisks, you can click to view the entered text.
Scope	Enter the scope if required by the third-party authentication server. If not required, leave empty.
Resource	Enter the resource value if required by the third-party authentication server. If not required, leave empty.
Client Authentication	Specify how the client credentials are sent to the authentication server during the token request process. This determines the method used to authenticate the client application. From the drop-down select either of the following option: Form-Encoded Body Parameters: Sends the client ID and secret within the request body as URL-encoded parameters. This is the default method. Basic Authentication: Sends the client ID and secret in the HTTP Authorization header using Basic authentication. This method is more secure.
Access Token URL	Enter the endpoint as provided by the third-party authentication server for exchanging the authorisation code for an access token. For example, "https://www.googleapis.com/oauth2/v4/token" is provided by Google.
Token Info Service	Select the mechanism for obtaining user information from the OAuth server after authentication. This determines how SigningHub retrieves and validates user details. From the drop-down select either of the following option: User Info: Sends a GET request to the user info endpoint to fetch user details. This is the default method. Introspection: Sends a POST request to the introspection endpoint to retrieve user information.
Token Info URL	Enter the endpoint URL provided by the third-party authentication server to fetch user details. This URL is used in conjunction with the selected Token Info Service to verify and match the logged-in user's information in SigningHub. For example, if 'User Info' is selected as the 'Token Info Service', Google’s endpoint is "https://www.googleapis.com/oauth2/v2/userinfo". This endpoint is essential for retrieving user details such as email to confirm the user’s presence in the SigningHub database.
Email [Attribute]	Enter the value as provided by the third-party authentication server for getting the value of Email Address from the User Info endpoint response. This field is mandatory for all third-party services and accepts only text (non-numeric) values. The value required in this field may vary for different third-party services. For example, "email" is requested by Google, and "mail" by "Azure Active Directory"
Name [Attribute]	Enter the value as provided by the third-party authentication server for getting the value of Name from the User Info endpoint response. . This field is optional for all third-party services. The value required in this field may vary for different third-party services. For example, "name" is requested by Google, and "displayName" by "Azure Active Directory".
Finish	Creates a new connector using the information entered on the dialog.

For example if your SigningHub site is "https://web.signinghub.com" then the Callback URL for SigningHub will be "https://web.signinghub.com/OAuth2/CallBack".
If you do not wish to implement Single Sign-On (SSO), and would like to authenticate the user every time, add "prompt=login" at the end of the Auth URL. For example, "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=login".