Skip to main content

OAuth 2.0 Authentication for Configurable Tax Apps

Zuora

OAuth 2.0 Authentication for Configurable Tax Apps

Prerequisite: Consult your tax vendor to check whether they support the OAuth 2.0 authentication type.

Overview

For the OAuth 2.0 authentication type, Zuora’s configurable tax apps support the Client Secret and the Client Assertion options to request an access token from your OAuth 2.0 provider. The client assertion option is certificate-based and is considered more secure.

Configuration

To configure the OAuth 2.0 authentication type, provide the following information on the Engine Settings > System Configuration tab.

Use Client Secret

Field Description
Access Token URL (Required) The URL to request the access token for the given Client ID and Client Secret.
Client ID (Required) The client ID you got from your OAuth 2.0 provider.
Client Secret (Required) The client secret you got from your OAuth 2.0 provider.
Scope (Optional) As defined by the authorization server.

Use Client Assertion

  • Currently only supports Azure as an OAuth 2.0 provider.
  • This feature is in Limited Availability, contact Zuora Global Support to enable it.
Field Description
Access Token URL (Required)
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

The tenant is the Directory (tenant) ID in Azure.
Client ID (Required) The Application (client) ID in Azure.
Audience (Required)
https://login.microsoftonline.com/{tenant}/v2.0

The tenant is the Directory (tenant) ID in Azure.
Private key (Required) Your private key in plaintext. You may refer to this online tool to generate the private key.
Certificate thumbprint (Required) The thumbprint for your certificate. You may refer to this online tool to calculate the thumbprint using the certificate acquired when generating the private key.
Scope (Optional) Refer to the “scope” field as defined by Azure.

You can refer to this article on how to get the required information from Azure.