OAuth 2.0 authentication for configurable tax apps
Prerequisite: Consult your tax vendor to check whether they support the OAuth 2.0 authentication type.
Overview
For the OAuth 2.0 authentication type, Zuora’s configurable tax apps support the Client Secret and the Client Assertion options to request an access token from your OAuth 2.0 provider. The client assertion option is certificate-based and is considered more secure.
Configuration
To configure the OAuth 2.0 authentication type, provide the following information on the Engine Settings > System Configuration tab.
Use Client Secret
| Field | Description |
|---|---|
| Access Token URL (Required) | The URL to request the access token for the given Client ID and Client Secret. |
| Client ID (Required) | The client ID you got from your OAuth 2.0 provider. |
| Client Secret (Required) | The client secret you got from your OAuth 2.0 provider. |
| Scope (Optional) | As defined by the authorization server. |
Use Client Assertion
- Currently only supports Azure as an OAuth 2.0 provider.
- This feature is in Limited Availability, contact Zuora Global Support to enable it.
| Field | Description |
|---|---|
| Access Token URL (Required) |
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
The tenant is the Directory (tenant) ID in Azure. |
| Client ID (Required) | The Application (client) ID in Azure. |
| Audience (Required) |
https://login.microsoftonline.com/{tenant}/v2.0
The tenant is the Directory (tenant) ID in Azure. |
| Private key (Required) | Your private key in plaintext. You may refer to this online tool to generate the private key. |
| Certificate thumbprint (Required) | The thumbprint for your certificate. You may refer to this online tool to calculate the thumbprint using the certificate acquired when generating the private key. |
| Scope (Optional) | Refer to the “scope” field as defined by Azure. |
You can refer to this article on how to get the required information from Azure.