Connector certification - when will client secret ...

x001nx · ‎08-06-2021

Hi,

for connector certification we are required to provide the artifacts. If a connector uses OAuth2 the client secret is not provided in any of the artifacts.

However to create a new connector from UI or CLI client secret seems to be required (is it really?)

At what stage will the client secret be required and how it is handled/stored for security concerns during this process?

Thanks

murshed · ‎08-06-2021

PACONN CLI create a custom connector for you and therefore needs to secret to enable OAuth for your custom connector. On the other hand, certified connectors are available for all users. When you certify a connector a secret is needs to be submitted during the certification process, which is securely stored and deployed in the background. This is done to make sure the secrets are secured and never exposed.

If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

x001nx · ‎08-06-2021

Yes, but at what stage and how it is provided? Artifacts are sent my email and committed to the public repo (as I understand). At which step the client secret is required and how should it be provided? Also can client secret be optional if the underlying authentication works without the secret?

murshed · ‎08-06-2021

OAuth 2 requires a secret during the acquire access token stage. You will need to provide secret for custom connector while creating the custom connector (either using paconn cli or thru UI). You will need to provide the secret during submission for certification for a certified connector.

If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

Connector certification - when will client secret be required

Helpful resources

Power Automate News & Announcements

Power Automate Community Blog