Forge External with OAuth 2.0 - How to get Auth token to pass as Authorization header

RitupurnaBISWAL · May 29, 2025, 7:22am

Hello All,

I need to fetch information from our internal system and display in confluence using a macro.

I am able to get profile information by following this example [microsoft forge ]

I need to pass the Authentication token to my API . But the microsoft.listCredentials() method throwing not implemented error.

{
hasCredentials: [AsyncFunction: hasCredentials],
getAccount: [AsyncFunction: getAccount],
requestCredentials: [AsyncFunction (anonymous)],
listCredentials: [Function: throwNotImplementedError],
listAccounts: [AsyncFunction: listAccounts],
asAccount: [Function: asAccount],
fetch: [Function (anonymous)]
}

My manifest.yml

providers:
  auth:
    - key: microsoft
      name: microsoft
      scopes:
        - User.Read
        - offline_access
      type: oauth2
      clientId: *********************
      remotes:
        - microsoft-graph
        - internal-api
      bearerMethod: authorization-header
      actions:
        authorization:
          remote: microsoft-login
          path: /tenant-id/oauth2/v2.0/authorize
        exchange:
          remote: microsoft-login
          path: /tenant-id/oauth2/v2.0/token
          resolvers:
            accessToken: access_token
            accessTokenExpires: expires_in
            refreshToken: refresh_token
        retrieveProfile:
          remote: microsoft-graph
          path: /v1.0/me
          resolvers:
            id: id
            displayName: displayName
remotes:
  - key: microsoft-login
    baseUrl: https://login.microsoftonline.com
  - key: microsoft-graph
    baseUrl: https://graph.microsoft.com
  - key : internal-api
    baseUrl: https://api.myorg.com
permissions:
  external:
    fetch:
      backend:
        - https://login.microsoftonline.com
        - https://graph.microsoft.com
        - https://api.myorg.com

Any help will be greatly appreciated.

Thanks

AaronCollier · May 29, 2025, 9:02am

What is it you want to list the credentials for? To make a call to a given API with a given authentication provider, I would think the other functions would work as in the example. You’d just adjust the API they’re calling.

RitupurnaBISWAL · May 30, 2025, 8:26am

Hello @AaronCollier , Thank you for your reply.
I tried calling my api from the resolver but getting a 401 error. (FYI Microsoft API returning a 200 )
So trying to find out what went wrong. its might be token issue.

Is there anyway to get the tokens in console ?

Thanks

AaronCollier · June 2, 2025, 8:15am

I don’t know of any way to do that, I would guess for security reasons. Perhaps if you shared how you’re calling the API someone could help you debug

RitupurnaBISWAL · June 2, 2025, 8:56am

Hello @AaronCollier ,
Thanks again for taking time to check this issue .
It might be an issue with the internal tool, checking with the respective team.

Thanks

RitupurnaBISWAL · July 17, 2025, 6:53am

Hello @AaronCollier ,

Our application requires an application specific scope to be passed to the exchange
parametrs

I followed the instruction mentioned in here , but i don’t know how to pass client_secret without hardcoding it or reading it from .env file.

exchange:
          remote: microsoft-login
          path: /<tanantid>/oauth2/v2.0/token
          overrides:
            headers:
              grant_type: client_credentials
              scope: api://custom-validator/.default  
              client_secret: '{{client_secret}}'
              client_id: '{{client_id}}'

Any help will be appreciated.
Regards,
Ritu

AaronCollier · July 17, 2025, 7:57am

You can specific default values in the environment section of the manifest and then use them like this:

exchange:
    ...
   client_secret: '${CLIENT_SECRET}`
environment:
  variables:
    - key: CLIENT_SECRET
      default: "default"

Anything set in the environment itself (such as exporting before a command) will override the default.

RitupurnaBISWAL · August 5, 2025, 11:22am

Hello @AaronCollier ,
Thank you for your answer and sorry for bothering you again.

The access token granted is valid for only one hour . So each hour i am being prompted for authentication.

I tried using refresh token like this still getting authentication prompt each time.

providers:
  auth:
    - key: microsoft
      name: microsoft
      scopes:
        - User.Read
        - offline_access
      type: oauth2
      clientId: ${CLIENT_ID} 
      remotes:
        - test-api
      bearerMethod: authorization-header
      actions:
        authorization:
          remote: microsoft-login
          path: /***********/oauth2/v2.0/authorize
          queryParameters:
              access_type: offline
        exchange:
          remote: microsoft-login
          path: /******/oauth2/v2.0/token
          overrides:
            body:
              grant_type: client_credentials
              scope: api://custom-validator/.default
              client_id: ${CLIENT_ID}
              client_secret: ${CLIENT_SECRET}
        refreshToken:
          remote: microsoft-login
          path: /************/oauth2/v2.0/token
          overrides:
            body:
              grant_type: refresh_token
              client_id: ${CLIENT_ID}
              client_secret: ${CLIENT_SECRET}

        retrieveProfile:

Please help me if you have any idea .FYI I am very new to this.

Regrads,
Ritu