OAuth Flow - CustomHeaders

In Freshteam, I’m trying to implement OAuth for one of the Freshteam integrations, and I need clarification on how “CustomHeaders” works in the OAuth flow. (Please find the screenshot below)

The OAuth flow accesses the authorize URL with a GET method and accesses the token URL with a POST method. Here I need to send the client_id and client_secret, base64 encoded, as a payload to the POST method for the token URL. Can “the customHeaders” be used here? Will the customHeaders send the headers mentioned to the token URL?

Also, I need clarification on whether the following syntax will work for encoding the client id and secret in the oauth_config.json file.

"customHeaders": { "Authorization": "Basic <%= encode(client_id : client_secret) %>" }

It’ll be super helpful if someone clarifies this. Thanks!

@Raviraj could you help us out here please? We’re blocked on dev currently.

@zach_jones_noel - Ideas how we can help @Brejesh_G_Aiyer ?

I guess both the authorize and token URLs of the 3rd party will be contacted by the platform’s OAuth servers on behalf of the app to get the necessary tokens. During that contact phase, the requests will have these custom headers as part of the request.

@zach_jones_noel - How about we get help from the @App-Platform-Squad to know if encode(..) will have access to client ID and secrets?

Hi @Thamaraiselvan,

Only the request to the authorize URL will send the client_id and client_secret. The token URL will send only a code got from the authorize request’s response.

For the customHeaders property, the app can send any key-value pairs that need to be sent in the request to get the access token.

The client_id and client_secret will not be available to the app to use in the customHeaders configuration property. Only if the client_id and client_secret are got from the OAuth iparams can they be accessed via the <%= oauth_iparams.sample_oauth_iparam %> template in the configuration.
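For reference, this is what the "Basic" value the question asks about looks like when it is built and read back in code. It is an added example, not part of the thread and not Freshworks platform code; it assumes the third-party token endpoint accepts HTTP Basic client authentication as in RFC 6749 section 2.3.1, and the function names and credential values are constructed for illustration.

```javascript
// Added example. Function names are hypothetical; credentials are constructed.

// Form-urlencode a value (application/x-www-form-urlencoded), as RFC 6749
// section 2.3.1 requires before the id and secret are joined with ":".
function formEncode(value) {
  return new URLSearchParams({ v: value }).toString().slice(2);
}

// Reverse of formEncode; returns null on a malformed percent-escape.
function formDecode(value) {
  try {
    return decodeURIComponent(value.replace(/\+/g, " "));
  } catch (err) {
    return null;
  }
}

// Build the Authorization header value: "Basic " + base64(id ":" secret).
function buildBasicHeader(clientId, clientSecret) {
  const pair = formEncode(clientId) + ":" + formEncode(clientSecret);
  return "Basic " + Buffer.from(pair, "utf8").toString("base64");
}

// Parse a header value back into its parts, as a token endpoint would.
// The first ":" is the separator, which is why the id must be encoded first.
function parseBasicHeader(header) {
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header);
  if (!match) return null;
  const decoded = Buffer.from(match[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep === -1) return null;
  const clientId = formDecode(decoded.slice(0, sep));
  const clientSecret = formDecode(decoded.slice(sep + 1));
  if (clientId === null || clientSecret === null) return null;
  return { clientId, clientSecret };
}

// Constructed sample: an id containing ":" and a secret with a space and "+".
const sampleHeader = buildBasicHeader("app:123", "s3cr3t/with space+plus");
console.log(sampleHeader, parseBasicHeader(sampleHeader));
```

Base64 is an encoding, not encryption: parseBasicHeader recovers the secret from the header alone, so the header value needs the same protection as the client_secret itself.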
