Modified on: Thu, 18 Jun, 2020 at 12:46 AM
OAuth is an open standard for authorization. It allows Maltego users to log into third party providers with their credentials and have an access token returned to the tool. This access token can then be sent to the Transform which in turn can request information from the provider on behalf of the end user.
OAuth within the Maltego Client
Within the Maltego Client, the OAuth providers can be found under the Transforms tab by clicking on the Manage Services button:
After clicking the button you will be presented with the Service Manager panel which describes the available OAuth providers configured as well as the ability to login and logout of the various providers:
Within the application, if any Transforms require OAuth tokens, you will be prompted to login before the Transform is run.
Configuring the OAuth providers in the iTDS
Clicking OAuth Settings from the home page of the iTDS server leads you to a list view of all the OAuth settings that have been setup for your iTDS server. Clicking Add OAuth Setting will lead you to the page below where a new OAuth setting can be configured:
The OAuth settings fields on this form are explained below:
- Authenticator name - This is the overall OAuth provider name.
- Description - A description of the OAuth provider, something like "LinkedIn Provider".
- Version - Which version of OAuth being used, the currently supported versions are OAuth 2.0 and OAuth 1.0a.
- Access token endpoint - The endpoint that the Maltego client will request for the access token.
- Request token endpoint - The endpoint that the Maltego client will send the user to for application approval.
- Authorization URL - URL used to by the client to approve/grant access tokens.
- Application/API key - API or Application key that the developer is issued from the provider.
- Application/API secret - API or Application secret/private key that the developer is issued from the provider.
- Icon - Base64 of the 64x64 pixel Icon to be used within the Maltego client application.
- Access token variable name - The variable name used within the Transforms (this is what the Transform will receive).
- Variable description - Simply describes the variable used.
- Public Key - The public key used to encrypt the access token when it is sent to the Transform code itself.
Most OAuth 2.0 Providers require a Call back URL to be included as an URL parameter in one or all of the endpoint URLs. Please Refer to the applicable API or OAuth provider documentation for URL parameter requirements.
To ensure that the Maltego Desktop Client uses the correct Call back URL, please specify the protocol and TCP port in the Service Manager configuration for the applicable provider. This is an additional setting which the Maltego Desktop Client user needs to apply before attempting to log into the OAuth Service Endpoint. Ensure that you provide your users with the correct setup information.
Refer to Managed Services for instructions on how to configure this in the Maltego Desktop Client.
Read more about OAuth Integration and using OAuth in the Transform development guide here: OAuth Integration Example - LinkedIn.