Solved

OAuth2 without user login


I have an AWS Lambda function that is to update an Airtable, and I am going to modify the function to adopt OAuth2 authentication. However, after testing in Postman, it requires a user to log in in a browser and select workspaces and bases. But that is absolutely impossible for a Lambda function, and we don't want to store a user account in the Lambda function.

May I know if we can skip the user login during OAuth2 authentication? Also, can I predefine the allow list of workspaces and bases?

Best answer by Terence_Leung

Hi, I am on an enterprise plan and sent an email to them. They replied that if an application is for internal use, we can use a Personal Access Token (PAT) instead of OAuth2.

By using PAT, I don't need to modify any code as I just change the API Key to the PAT. It is all good now.


  • Inspiring
  • February 23, 2023

Hey @Terence_Leung 👋

I don't think we're able to impact the allow lists on the authorization screen.

I don't think there's any way around completing the OAuth process yourself, and then persisting the tokens for refreshing your access in order to avoid needing to reauth. I think your only option is to go down the path of storing the tokens which I know you are trying to avoid.

I'm guessing you're not on an enterprise plan (neither am I) but there are service accounts in the enterprise plan which sound like they meet your requirements.


  • Participating Frequently
  • February 24, 2023
Terence_Leung wrote:

Hi, I am on an enterprise plan and sent an email to them. They replied that if an application is for internal use, we can use a Personal Access Token (PAT) instead of OAuth2.

By using PAT, I don't need to modify any code as I just change the API Key to the PAT. It is all good now.


So how would that work?  Just add the PAT in the request call?  


Robert_Jurado wrote:

So how would that work?  Just add the PAT in the request call?  


Yes, here is an example:

header Authorization: Bearer PAT

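The approach described in this thread, sketched as an added example that is not code from any of the posters: a Lambda handler that sends the PAT as a Bearer token without hardcoding or logging it. The environment variable name `AIRTABLE_PAT`, the event keys, and the sample values are assumptions; the URL follows Airtable's REST record-update endpoint.

```python
import json
import os
import urllib.parse
import urllib.request

API_ROOT = "https://api.airtable.com/v0"


def load_pat(env=os.environ):
    """Read the PAT from the environment (AIRTABLE_PAT is an assumed name)."""
    pat = env.get("AIRTABLE_PAT", "").strip()
    if not pat:
        raise RuntimeError("AIRTABLE_PAT is not set")
    return pat


def redact(text, pat):
    """Scrub the token from any string before it is logged."""
    return text.replace(pat, "[REDACTED]")


def build_update_request(pat, base_id, table, record_id, fields):
    """Build a PATCH request for one record, authenticated with the PAT."""
    path = "/".join(urllib.parse.quote(p, safe="")
                    for p in (base_id, table, record_id))
    body = json.dumps({"fields": fields}).encode("utf-8")
    return urllib.request.Request(
        API_ROOT + "/" + path,
        data=body,
        method="PATCH",
        headers={
            "Authorization": "Bearer " + pat,  # the header shown in the thread
            "Content-Type": "application/json",
        },
    )


def lambda_handler(event, context):
    # Event keys below are hypothetical; adapt them to your trigger.
    pat = load_pat()
    req = build_update_request(pat, event["base_id"], event["table"],
                               event["record_id"], event["fields"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return {"status": resp.status}
    except Exception as exc:
        # Log the failure without ever writing the token to the log stream.
        print("Airtable update failed:", redact(str(exc), pat))
        raise
```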