OAuth Settings

Modified on: Mon, 17 Jul, 2023 at 12:08 PM

Introduction

OAuth is an open standard for authorization. It allows Maltego Desktop Client users to log into third-party providers with their own credentials and have an access token returned to the Desktop Client. This access token can then be used in a Transform, which requests information from the provider on behalf of the end user.


OAuth within the Maltego Desktop Client

Within the Maltego Desktop Client, the OAuth providers can be found under the Transforms tab by clicking on the Manage Services button:



You will be presented with the Service Manager panel which describes the available OAuth providers configured, as well as the ability to login and logout of the various providers:



Within the Maltego Desktop Client, if any Transforms require OAuth tokens, you will be prompted to login before the Transform is run.


Configuring the OAuth providers in the iTDS

Clicking OAuth Settings from the home page of the iTDS server leads you to a list view of all the OAuth settings that have been setup for your iTDS server. Clicking Add OAuth Setting will lead you to the page below where a new OAuth setting can be configured:



The OAuth settings fields on this form are explained below:

  • Authenticator name - A unique name used to identify the OAuth config.
  • Description - A description of the OAuth provider, something like "LinkedIn Provider".
  • Version - Which version of OAuth is being used; the currently supported versions are OAuth 2.0 and OAuth 1.0a.
  • Access token endpoint - The endpoint that the Maltego client will request for the access token.
  • Request token endpoint - The endpoint that the Maltego client will send the user to for application approval.
  • Authorization URL - URL used by the client to approve/grant access tokens.
  • Application/API key - API or Application key that the developer is issued from the provider.
  • Application/API secret - API or Application secret/private key that the developer is issued from the provider.
  • Icon - Base64 encoding of the 64x64 pixel icon to be used within the Maltego client application.
  • Access token variable name - The variable name used within the Transforms (this is what the Transform will receive).
  • Variable description - Simply describes the variable used.
  • Public Key - The public key used to encrypt the access token when it is sent to the Transform code itself.


OAuth Endpoint Configuration

Sometimes OAuth Endpoints, such as the Authorization URL, may be lengthy, and to reduce the length, Maltego TDS makes use of configuration parameter placeholders as illustrated below.

For OAuth 1.0a, only "token" can be used as a replacement variable, e.g. http://example.com/oauth1/authorize?oauth_token={token} where "token" refers to the token received from the OAuth Provider during the Authorization flow.


For OAuth 2, "apiKey" and "callback" can be used as replacement variables in the authorization URL, e.g. http://example.com/oauth2/authorize?client_id={apiKey}&redirect_uri={callback} where "apiKey" refers to the Application Key setting in the TDS.


"callback" will be replaced with the callback URI of the Maltego Desktop Client, and this URI must match one of the approved redirect_uri values. The allowed URIs are configured with the OAuth Provider.



Most OAuth 2.0 Providers require a callback URL to be included as a URL parameter in one or all of the endpoint URLs. Please refer to the applicable API or OAuth provider documentation for URL parameter requirements.


To ensure that the Maltego Desktop Client uses the correct callback URL, please specify the protocol and TCP port in the Service Manager configuration for the applicable provider. This is an additional setting which the Maltego Desktop Client user needs to apply before attempting to log into the OAuth Service Endpoint. Ensure that you provide your users with the correct setup information.
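The following is an added example, not Maltego's own code, that models the placeholder rules described above: "{token}" for OAuth 1.0a, "{apiKey}" and "{callback}" for OAuth 2, using the two endpoint templates from this article. It adds the two checks an administrator wants when a login fails: each substituted value is percent-encoded so the callback survives as a single query parameter, and the callback URI is compared exactly against the redirect URIs registered with the provider, which is why the protocol and TCP port set in the Service Manager must match what was registered. The registered URIs, the application key and the token are constructed sample values.

```python
"""Expand TDS-style OAuth endpoint templates and check the callback URI.

Added example, not Maltego's own code. Placeholder names come from the
article; REGISTERED_REDIRECT_URIS, the key and the token are constructed.
"""
import re
from urllib.parse import quote

# Placeholders the article allows for each OAuth version.
ALLOWED_PLACEHOLDERS = {
    "1.0a": {"token"},
    "2.0": {"apiKey", "callback"},
}

# Constructed sample: redirect URIs registered with a hypothetical provider.
# The scheme and port in these URIs are what the Desktop Client's Service
# Manager protocol/port setting must reproduce.
REGISTERED_REDIRECT_URIS = {
    "http://localhost:8080/callback",
    "https://localhost:8443/callback",
}

PLACEHOLDER_RE = re.compile(r"\{(\w+)\}")


def placeholders_valid(template: str, version: str) -> bool:
    """True if every {name} in the template is allowed for this OAuth version."""
    allowed = ALLOWED_PLACEHOLDERS[version]
    return all(name in allowed for name in PLACEHOLDER_RE.findall(template))


def expand_endpoint(template: str, version: str, values: dict) -> str:
    """Replace each {name} with its percent-encoded value.

    A placeholder that is not valid for the version, or has no value,
    raises instead of sending a literal "{callback}" to the provider.
    """
    if not placeholders_valid(template, version):
        raise ValueError(f"template uses a placeholder not allowed for OAuth {version}")

    def substitute(match: "re.Match") -> str:
        name = match.group(1)
        if name not in values:
            raise ValueError(f"no value supplied for {{{name}}}")
        # safe="" encodes ":" and "/" too, so a full URI fits in one parameter.
        return quote(values[name], safe="")

    return PLACEHOLDER_RE.sub(substitute, template)


def callback_is_registered(callback: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Exact string comparison, as RFC 6749 section 3.1.2.3 requires.

    A different scheme, port or trailing slash is a different URI and the
    provider will reject the request.
    """
    return callback in registered


def build_authorization_url(template: str, version: str, values: dict,
                            registered=REGISTERED_REDIRECT_URIS) -> str:
    """Check the OAuth 2 callback against the registered list, then expand."""
    if version == "2.0" and not callback_is_registered(values.get("callback", ""), registered):
        raise ValueError("callback URI is not registered with the provider")
    return expand_endpoint(template, version, values)


if __name__ == "__main__":
    # Endpoint templates taken from the article; values are constructed.
    oauth1 = "http://example.com/oauth1/authorize?oauth_token={token}"
    oauth2 = "http://example.com/oauth2/authorize?client_id={apiKey}&redirect_uri={callback}"
    print(expand_endpoint(oauth1, "1.0a", {"token": "tok-1"}))
    print(build_authorization_url(
        oauth2, "2.0",
        {"apiKey": "abc123", "callback": "http://localhost:8080/callback"},
    ))
```

When a user reports that the provider rejects the login, compare the callback the client actually sends with the registered list using the same exact comparison; a port or protocol that differs by one character is the usual cause.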


Refer to Managed Services for instructions on how to configure this in the Maltego Desktop Client.


Read more about OAuth Integration and using OAuth in the Transform development guide here: OAuth Integration Example - LinkedIn.
