📝 Session Token Authenticator documentation #28762
Conversation
octavia-squidington-iii
added
the
area/documentation
| @@ -143,6 +144,47 @@ In a lot of cases, OAuth refresh tokens are long-lived and can be used to create | |||
|
|
|||
| This can be done using the "Overwrite config with refresh token response" setting. If enabled, the authenticator expects a new refresh token to be returned from the token refresh endpoint. By default, the property `refresh_token` is used to extract the new refresh token, but this can be configured using the "Refresh token property name" setting. The connector then updates its own configuration with the new refresh token and uses it the next time an access token needs to be generated. If this option is used, it's necessary to specify an initial access token along with its expiry date in the "Testing values" menu. | |||
|
|
|||
| ### Session Token | |||
There was a problem hiding this comment.
We should also update docs/connector-development/connector-builder-ui/connector-builder-compatibility.md to mention this as a supported type (there's another error on that page about single-use refresh token which are supported now, could you fix that as well)?
There was a problem hiding this comment.
Good callout, added
| - `Request Headers` - used to attach headers to the sesssion token retrieval request | ||
| - Metabase does not require any headers in the `/api/session` request, so this is left unset. | ||
| - `Request Body` - used to attach a request body to the session token retrieval request | ||
| - As mentioned above, Metabase requires the username and password to be sent in the request body, so we can select `JSON (key-value pairs)` here and set the username and password fields (using User Inputs for the values to make the connector reusable). |
There was a problem hiding this comment.
Could you spell out the keys and values here that need to be set?
| - For Metabase, the `/api/session` response looks like `{"id":"<session-token-value>"}`, so the value here would simply be `id`. | ||
| - `Expiration Duration` - an [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations) indicating how long the session token has until it expires | ||
| - Once this duration is reached, your connector will automatically fetch a new session token, and continue making data requests with that new one. | ||
| - If this is left unset, the session token will be refreshed before every single data request. |
There was a problem hiding this comment.
Could we add a note here that in most cases it makes sense to set the expiration date as the connector will run much slower than necessary otherwise?
| - Choose `API Key` if your session token needs to be injected into a query parameter or header of the data requests. | ||
| - Metabase takes in the session token through a specific header, so this would be set to `API Key`, Inject Session Token into outgoing HTTP Request would be set to `Header`, and Header Name would be set to `X-Metabase-Session`. | ||
| - Choose `Bearer` if your session token needs to be sent as a standard Bearer token. | ||
|
|
There was a problem hiding this comment.
Could we add a note that the session token authenticator does not support dynamic expiration dates of the session token and that the expiration duration should be set to the expected minimum to avoid problems during syncing?
|
Hello! Is this documentation updated? I dont find any example about "How configure Session Token" |
|
@Marcaccio-Mutt you can find the session token authentication documentation for the Connector Builder here: https://docs.airbyte.com/connector-development/connector-builder-ui/authentication#session-token |
|
Thx! Is all this configuration inside the yaml file? Is there some example that how configure it? |
|
@Marcaccio-Mutt That documentation is focused on explaining how to configure the session token authenticator in the Connector Builder UI, but the same ideas are applicable to the YAML manifest file as well (as the Connector Builder UI is just a layer on top of the YAML, and produces a low-code YAML manifest as output) You can see an example of this in the source-dockerhub connector: |
What
Relates to #26901
How
Updates the Connector Builder authentication documentation to explain when and how to use the Session Token authenticator.