Help

Re: OAuth2 without user login

Solved
Jump to Solution
4112 0
cancel
Showing results for 
Search instead for 
Did you mean: 
Terence_Leung
5 - Automation Enthusiast
5 - Automation Enthusiast

I had a AWS Lambda function that is to update an Airtable. And I am going to modify the function to adopt OAuth2 authentication. However, after testing in Postman, it requires user login in a browser and select workspaces and bases. But it is absolutly impossible for Lambda function and we don't want to store user account in the Lambda function.

May I know if we can skip user login during the OAuth2 authentications? Also, can I predefine the allow list of workspaces and bases?

1 Solution

Accepted Solutions
Terence_Leung
5 - Automation Enthusiast
5 - Automation Enthusiast

HI, I am on an enterprise plan and sent an email to them. They replied that if an application is for internal use, we can use Personal Access Token (PAT) instead of OAuth2.

By using PAT, I don't need to modify any code as I just change the API Key to the PAT. It is all good now.

See Solution in Thread

4 Replies 4
goksan
6 - Interface Innovator
6 - Interface Innovator

Hey @Terence_Leung 👋

I don't think we're able to impact the allow lists on the authorization screen.

I don't think there's any way around completing the OAuth process yourself, and then persisting the tokens for refreshing your access in order to avoid needing to reauth. I think your only option is to go down the path of storing the tokens which I know you are trying to avoid.

I'm guessing you're not on an enterprise plan (neither am I) but there are service accounts in the enterprise plan which sound like they meet your requirements.

 

Terence_Leung
5 - Automation Enthusiast
5 - Automation Enthusiast

HI, I am on an enterprise plan and sent an email to them. They replied that if an application is for internal use, we can use Personal Access Token (PAT) instead of OAuth2.

By using PAT, I don't need to modify any code as I just change the API Key to the PAT. It is all good now.

So how would that work?  Just add the PAT in the request call?  

RJ

Yes, here is an example:

header Authorization: Bearer PAT