Setting Up a Partner OAuth Provider
There is no need to set up a Partner OAuth Provider if your organization wants to use Google authentication.
Setting up a new OAuth provider for the Crunch app requires work by both Crunch and its partner. Here's the three-part process:
- Step one (partner): Register Crunch's OAuth URL with your OAuth provider and generate security tokens.
- Step two (Crunch): Add tokens and configuration to Crunch's application configuration.
- Step three (partner + Crunch): Test the integration together.
Step one: Registering Crunch OAuth URLs (partner)
- Register Crunch's OAuth domains and redirect URLs with your OAuth provider. Crunch's OAuth URIs are:
The following example uses [workspace] in the URL. Please replace [workspace] with your organization's workspace name.
- Domain: https://[workspace].crunch.io
- Redirect URI: https://[workspace].crunch.io/api/public/oauth2redirect/.
- Provide the following details to Crunch:
- OAuth Type — one of the following:
- openid-connect
- rfc7662
- Client ID — a string, sometimes human-readable, sometimes a hash value/random string, or sometimes a mixture of both.
- Client Secret — a long and difficult-to-guess random string. Protect this like a password.
- The scope that Crunch should request access to. Crunch needs to be able to verify the user's email address vs. the login email address, from which Crunch pulls the full name of the user's profile.
- OAuth Type — one of the following:
- Depending on the OAuth type, provide Crunch with the following information:
- The Discovery Endpoint — usually a URL with a path such as /.well-known/openid-configuration.
- OR, all of the following:
- Authorization Endpoint
- Token endpoint
- User Info endpoint
- For RFC7662, provide Crunch with the following information:
- Authorization Endpoint
- Token Endpoint
- Introspect endpoint
- If you wish to enable Just-in-time provisioning, then provide the email domains that should be included.
Step two: Configuring the partner's OAuth provider (Crunch)
Once Crunch has received the above information from you, Crunch configures the new partner OAuth provider in its platform.
Step three: Testing the integration (Crunch + partner)
Navigate a web browser to https://[workspace].crunch.io/ and attempt to log in.