Take the following steps to establish OData connectivity using OAuth 2.0.
1. A client registers a client application with Hybrid Data Pipeline. See Register client application. Once the application is registered, the Hybrid Data Pipeline service will issue client credentials in the form of a client identifier and a client secret.
2. The application uses the Client ID and Client Secret to generate an access token. Depending on the type of grant flow, the sequence of steps here will be different. See OAuth grant flows. The application must also specify the scope of access. Hybrid Data Pipeline currently supports one high level scope: "Allow data access via OData."
3. When the client application attempts to connect, Hybrid Data Pipeline prompts the end user for login credentials. If valid credentials are used, Hybrid Data Pipeline asks if the application should be allowed access to resource specified in scope.
4. If the application is authorized to access the resource specified in the scope, then Hybrid Data Pipeline sends the access token and refresh token to the client applications callback URL.
5. Client uses access token to access OData endpoint. Using the access token, the client application can make OData requests against Hybrid Data Pipeline resource.
6. If the access token expires, the application uses the Client ID, the Client Secret and the refresh token to generate a new access token.
Note: If you want third-party applications to use Hybrid Data Pipeline OData URL to pull data via OAuth 2.0, you will need to perform additional configuration steps to achieve the OAuth flow. Consult your third-party application documentation for information.
