Authenticate with OAuth Protocol

Learn how to implement OAuth authentication in LogScale through supported providers like Google, GitHub, and BitBucket, and how to set up Auth0 integration. Understand the steps for creating LogScale apps, configuring authentication settings, and mapping Auth0 roles to LogScale groups, with specific requirements for proper configuration of client IDs, secrets, and redirect URIs.

OAuth is an open standard that can be used to grant applications and other parties access to LogScale without giving them your password.

The following diagram illustrates the standard OAuth 2.0 authentication flow between the user's browser, LogScale, and the OAuth provider:

sequenceDiagram
    participant User as User/Browser
    participant LS as LogScale
    participant Provider as OAuth Provider
    User->>LS: 1. Access LogScale
    LS->>User: 2. Redirect to login
    User->>Provider: 3. Request authorization
    Provider->>User: 4. Authentication prompt
    User->>Provider: 5. Provide credentials
    Provider->>User: 6. Authorization confirmation
    User->>Provider: 7. Confirm authorization
    Provider->>LS: 8. Send authorization code
    Note over Provider,LS: Callback to redirect_uri
    LS->>Provider: 9. Exchange code for access token
    Note over LS,Provider: Client ID & secret verification
    Provider->>LS: 10. Return access token
    LS->>Provider: 11. Request user information
    Provider->>LS: 12. Return user profile data
    LS->>User: 13. Create session & redirect to LogScale
    Note over User,LS: User now authenticated

The OAuth flow follows these key steps:

  1. User attempts to access LogScale application

  2. LogScale redirects to login page and offers OAuth provider options

  3. User selects an OAuth provider, and the browser is redirected to that provider

  4. OAuth provider displays authentication screen to the user

  5. User enters their credentials with the OAuth provider

  6. OAuth provider confirms user identity and asks for authorization

  7. User approves the authorization request

  8. OAuth provider sends an authorization code to LogScale via the configured redirect URI

  9. LogScale exchanges the authorization code for an access token using its client ID and client secret

  10. OAuth provider validates the request and returns an access token

  11. LogScale uses the access token to request user information from the provider

  12. Provider returns user profile data

  13. LogScale creates a session for the user and redirects them to the application

LogScale supports the OAuth 2.0 login flow for the following providers:

Providers must be configured on the LogScale server as described in the section for each provider.

You can enable several providers at the same time by setting multiple provider configurations.

Before you can configure your identity provider in LogScale, you must create an OAuth app with the provider, obtain a client_id and client_secret, and configure your redirect_uri.

For OAuth authentication to work properly for all providers, you must set the PUBLIC_URL environment variable to a URL where LogScale can be reached from the browser.
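The relying-party side of steps 2-3, 8 and 9 of the flow, sketched as an added example; this is not LogScale's own code. It shows how the redirect_uri derives from PUBLIC_URL and must be identical in the authorization request and the token exchange, and it adds the standard OAuth 2.0 `state` check, which the step list above does not spell out. The endpoint, callback path, credentials and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders; none of these values come from LogScale or a real provider.
PUBLIC_URL = "https://logscale.example.com"  # stands in for the PUBLIC_URL variable
AUTHORIZE_ENDPOINT = "https://idp.example.com/oauth/authorize"
CALLBACK_PATH = "/oauth/callback"  # hypothetical path, not LogScale's real one
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"

def redirect_uri():
    """The redirect_uri registered with the provider, derived from PUBLIC_URL."""
    return PUBLIC_URL.rstrip("/") + CALLBACK_PATH

def build_authorization_url(session):
    """Steps 2-3: send the browser to the provider with a per-login state value."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri(),
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"

def handle_callback(session, callback_url):
    """Step 8: accept the code only if state matches this browser session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not tied to this login")
    if "error" in params:
        raise ValueError(f"provider returned error: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def token_request_body(code):
    """Step 9: form fields POSTed server-to-server to the provider's token endpoint."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri(),  # must equal the value sent in step 3
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # stays on the server, never in the browser
    }
```

If PUBLIC_URL does not match the address the browser actually uses, the redirect_uri sent in step 3 differs from the one registered with the provider and the provider rejects the request.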