docs/platform/using-airbyte/oauth.md
Many Airbyte connectors support OAuth 2.0, enabling secure and seamless integration between Airbyte and third-party APIs. This guide explains how OAuth works for connectors in Airbyte.
OAuth 2.0 is an open standard for access delegation. It allows websites or applications to request limited access to your information on other platforms without exposing passwords. By using token-based authentication, OAuth enhances security and improves your user experience.
The complexity of setting up OAuth flows is handled internally by Airbyte. When you set up a new connector, you only need to complete a few steps to use OAuth. Airbyte’s OAuth implementation involves three key components:
You: The individual authorizing access to your account on a third-party platform.
Airbyte: The application requesting authorization on your behalf.
The third-party API: The service to which the connector needs access.
This simplified diagram visualizes the connection process.
graph TD;
A[You] -->| Authorize Airbyte| B[Third-party authorization server]
B -->| Issues authorization code| C[Airbyte]
C -->| Exchanges authorization code for access token| B
C -->| Sends API Request with access token| D[Third-party resource server]
D -->| Returns protected data| C
In Airbyte Cloud, the process depends on a connector's support level.
For Airbyte connectors, client credentials are securely managed by Airbyte. You only need to click the authentication button and use the third-party platform's UI to authorize Airbyte.
For Marketplace or custom connectors, you must configure your own client credentials.
Register an application on the third-party platform to obtain a Client ID and Client Secret. The exact process differs slightly for each third-party, but most explain this process in their documentation. The documentation for an Airbyte connector often provides these steps, too.
Enter your Client ID and Client Secret into the connector settings in Airbyte.
Click the authentication button.
In Self-Managed Airbyte, for security reasons, you must configure your own client credentials.
Register an application on the third-party platform to obtain a Client ID and Client Secret. The exact process differs slightly for each third-party, but most explain this process in their documentation. The documentation for an Airbyte connector often provides these steps, too.
Enter your Client ID and Client Secret into the connector settings in Airbyte.
Click the authentication button.
You are responsible for managing client credentials except when Airbyte Cloud provides the OAuth app for you. Treat these keys like a username and password, and handle your sensitive data securely.
OAuth is supported in airgapped instances of Airbyte. Redirects happen in your web browser, not the Airbyte server.
When OAuth connections fail, it's usually one of these problems.
Verify that the Client ID and Client Secret are correct (Self-Managed only).
Check for typos or missing configuration steps.