The documentation you are viewing is for Dapr v1.0 which is an older version of Dapr. For up-to-date documentation, see the latest version.


Use OAuth2 middleware to secure HTTP endpoints

The OAuth2 HTTP middleware enables the OAuth2 Authorization Code flow on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.

Component format

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: oauth2
spec:
  type: middleware.http.oauth2
  version: v1
  metadata:
  - name: clientId
    value: "<your client ID>"
  - name: clientSecret
    value: "<your client secret>"
  - name: scopes
    value: ""
  - name: authURL
    value: ""
  - name: tokenURL
    value: ""
  - name: redirectURL
    value: ""
  - name: authHeaderName
    value: "authorization"
  - name: forceHTTPS
    value: "false"

Spec metadata fields

| Field | Details | Example |
|-------|---------|---------|
| clientId | The client ID of your application, created as part of a credential hosted by an OAuth-enabled platform | |
| clientSecret | The client secret of your application, created as part of a credential hosted by an OAuth-enabled platform | |
| scopes | A space-delimited list of case-sensitive scope strings, typically used for authorization in the application | "" |
| authURL | The endpoint of the OAuth2 authorization server | "" |
| tokenURL | The endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token | "" |
| redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | "" |
| authHeaderName | The authorization header name to forward to your application | "authorization" |
| forceHTTPS | If true, enforces the use of TLS/SSL | "true","false" |
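
A pre-deployment check over the fields described above, as an added example (not part of the Dapr documentation or code base). It assumes the component YAML has already been parsed into a dict; the function names, the sample values and the policy (all listed fields filled in, HTTPS-only endpoints, `forceHTTPS` set to true, the client secret supplied through Dapr's `secretKeyRef` secret reference rather than inline) are assumptions of this example.

```python
from urllib.parse import urlsplit

URL_FIELDS = ("authURL", "tokenURL", "redirectURL")
# Assumption of this check: these fields must be filled in before deployment.
REQUIRED = ("clientId", "clientSecret") + URL_FIELDS

def audit_oauth2_component(component):
    """Return findings for a parsed middleware.http.oauth2 component (a dict)."""
    spec = component.get("spec", {})
    if spec.get("type") != "middleware.http.oauth2":
        return ["type: not a middleware.http.oauth2 component"]
    items = {m["name"]: m for m in spec.get("metadata", [])}
    findings = []
    for name in REQUIRED:
        item = items.get(name, {})
        if not (item.get("value") or item.get("secretKeyRef")):
            findings.append(f"{name}: missing or empty")
    for name in URL_FIELDS:
        value = items.get(name, {}).get("value") or ""
        if value and urlsplit(value).scheme.lower() != "https":
            findings.append(f"{name}: not an https:// URL")
    # YAML may yield the string "true" or the boolean True; accept both.
    if str(items.get("forceHTTPS", {}).get("value", "")).lower() != "true":
        findings.append('forceHTTPS: not "true", TLS is not enforced')
    if items.get("clientSecret", {}).get("value"):
        findings.append("clientSecret: inline value, prefer a secretKeyRef")
    return findings

def component(metadata):
    """Wrap a metadata list in the component structure shown on this page."""
    return {"kind": "Component", "metadata": {"name": "oauth2"},
            "spec": {"type": "middleware.http.oauth2", "version": "v1",
                     "metadata": metadata}}

def field(name, value):
    return {"name": name, "value": value}

# Constructed samples: the page's template with placeholder values filled in.
WEAK = component([
    field("clientId", "example-client"), field("clientSecret", "example-secret"),
    field("authURL", "http://idp.example.test/authorize"),
    field("tokenURL", "https://idp.example.test/token"),
    field("redirectURL", ""), field("forceHTTPS", "false")])
HARDENED = component([
    field("clientId", "example-client"),
    {"name": "clientSecret",
     "secretKeyRef": {"name": "oauth2-secrets", "key": "clientSecret"}},
    field("authURL", "https://idp.example.test/authorize"),
    field("tokenURL", "https://idp.example.test/token"),
    field("redirectURL", "https://app.example.test/callback"),
    field("forceHTTPS", "true")])
```
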

Dapr configuration

To be applied, the middleware must be referenced in configuration. See middleware pipelines.

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: appconfig
spec:
  httpPipeline:
    handlers:
    - name: oauth2
      type: middleware.http.oauth2