Skip to main content

HTTPS Edge Route OAuth Module


Replace HTTPS Edge Route OAuth Module

Request

PUT /edges/https/{edge_id}/routes/{id}/oauth

Example Request

curl \
-X PUT \
-H "Authorization: Bearer {API_KEY}" \
-H "Content-Type: application/json" \
-H "Ngrok-Version: 2" \
-d '{"enabled":true,"provider":{"google":{"client_id":"client-id","client_secret":"client-secret","scopes":["profile","email","https://www.googleapis.com/auth/userinfo.email"],"email_addresses":["alan@example.com"]}}}' \
https://api.ngrok.com/edges/https/edghts_2TMGJPJ6QJdxArUaX6MH0RNroc6/routes/edghtsrt_2TMGJSTwulwM0fv46SnYgW1IpNT/oauth

Parameters

   
enabledbooleantrue if the module will be applied to traffic, false to disable. default true if unspecified
providerEndpointOAuthProvideran object which defines the identity provider to use for authentication and configuration for who may access the endpoint
options_passthroughbooleanDo not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
cookie_prefixstringthe prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
inactivity_timeoutuint32Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
maximum_durationuint32Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
auth_check_intervaluint32Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.

EndpointOAuthProvider parameters

   
githubEndpointOAuthGitHubconfiguration for using github as the identity provider
facebookEndpointOAuthFacebookconfiguration for using facebook as the identity provider
microsoftEndpointOAuthMicrosoftconfiguration for using microsoft as the identity provider
googleEndpointOAuthGoogleconfiguration for using google as the identity provider
linkedinEndpointOAuthLinkedInconfiguration for using linkedin as the identity provider
gitlabEndpointOAuthGitLabconfiguration for using gitlab as the identity provider

EndpointOAuthGitHub parameters

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
teamsList<string>a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
organizationsList<string>a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'

EndpointOAuthFacebook parameters

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthMicrosoft parameters

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthGoogle parameters

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthLinkedIn parameters

   
client_idstring
client_secretstring
scopesList<string>
email_addressesList<string>
email_domainsList<string>

EndpointOAuthGitLab parameters

   
client_idstring
client_secretstring
scopesList<string>
email_addressesList<string>
email_domainsList<string>

Response

Returns a 200 response on success

Example Response

{
"enabled": true,
"provider": {
"github": null,
"facebook": null,
"microsoft": null,
"google": {
"client_id": "client-id",
"client_secret": "client-secret",
"scopes": [
"profile",
"email",
"https://www.googleapis.com/auth/userinfo.email"
],
"email_addresses": [
"alan@example.com"
],
"email_domains": []
},
"linkedin": null,
"gitlab": null,
"twitch": null,
"amazon": null
},
"options_passthrough": false,
"cookie_prefix": "ngrok.",
"inactivity_timeout": 0,
"maximum_duration": 0,
"auth_check_interval": 0
}

Fields

   
enabledbooleantrue if the module will be applied to traffic, false to disable. default true if unspecified
providerEndpointOAuthProvideran object which defines the identity provider to use for authentication and configuration for who may access the endpoint
options_passthroughbooleanDo not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
cookie_prefixstringthe prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
inactivity_timeoutuint32Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
maximum_durationuint32Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
auth_check_intervaluint32Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.

EndpointOAuthProvider fields

   
githubEndpointOAuthGitHubconfiguration for using github as the identity provider
facebookEndpointOAuthFacebookconfiguration for using facebook as the identity provider
microsoftEndpointOAuthMicrosoftconfiguration for using microsoft as the identity provider
googleEndpointOAuthGoogleconfiguration for using google as the identity provider
linkedinEndpointOAuthLinkedInconfiguration for using linkedin as the identity provider
gitlabEndpointOAuthGitLabconfiguration for using gitlab as the identity provider

EndpointOAuthGitHub fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
teamsList<string>a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
organizationsList<string>a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'

EndpointOAuthFacebook fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthMicrosoft fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthGoogle fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthLinkedIn fields

   
client_idstring
client_secretstring
scopesList<string>
email_addressesList<string>
email_domainsList<string>

EndpointOAuthGitLab fields

   
client_idstring
client_secretstring
scopesList<string>
email_addressesList<string>
email_domainsList<string>

Get HTTPS Edge Route OAuth Module

Request

GET /edges/https/{edge_id}/routes/{id}/oauth

Example Request

curl \
-X GET \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/edges/https/edghts_2TMGJPJ6QJdxArUaX6MH0RNroc6/routes/edghtsrt_2TMGJSTwulwM0fv46SnYgW1IpNT/oauth

Response

Returns a 200 response on success

Example Response

{
"enabled": true,
"provider": {
"github": null,
"facebook": null,
"microsoft": null,
"google": {
"client_id": "client-id",
"client_secret": "client-secret",
"scopes": [
"profile",
"email",
"https://www.googleapis.com/auth/userinfo.email"
],
"email_addresses": [
"alan@example.com"
],
"email_domains": []
},
"linkedin": null,
"gitlab": null,
"twitch": null,
"amazon": null
},
"options_passthrough": false,
"cookie_prefix": "ngrok.",
"inactivity_timeout": 0,
"maximum_duration": 0,
"auth_check_interval": 0
}

Fields

   
enabledbooleantrue if the module will be applied to traffic, false to disable. default true if unspecified
providerEndpointOAuthProvideran object which defines the identity provider to use for authentication and configuration for who may access the endpoint
options_passthroughbooleanDo not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
cookie_prefixstringthe prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
inactivity_timeoutuint32Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
maximum_durationuint32Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
auth_check_intervaluint32Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.

EndpointOAuthProvider fields

   
githubEndpointOAuthGitHubconfiguration for using github as the identity provider
facebookEndpointOAuthFacebookconfiguration for using facebook as the identity provider
microsoftEndpointOAuthMicrosoftconfiguration for using microsoft as the identity provider
googleEndpointOAuthGoogleconfiguration for using google as the identity provider
linkedinEndpointOAuthLinkedInconfiguration for using linkedin as the identity provider
gitlabEndpointOAuthGitLabconfiguration for using gitlab as the identity provider

EndpointOAuthGitHub fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
teamsList<string>a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
organizationsList<string>a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'

EndpointOAuthFacebook fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthMicrosoft fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthGoogle fields

   
client_idstringthe OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
client_secretstringthe OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
scopesList<string>a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
email_addressesList<string>a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
email_domainsList<string>a list of email domains of users authenticated by identity provider who are allowed access to the endpoint

EndpointOAuthLinkedIn fields

   
client_idstring
client_secretstring
scopesList<string>
email_addressesList<string>
email_domainsList<string>

EndpointOAuthGitLab fields

   
client_idstring
client_secretstring
scopesList<string>
email_addressesList<string>
email_domainsList<string>

Delete HTTPS Edge Route OAuth Module

Request

DELETE /edges/https/{edge_id}/routes/{id}/oauth

Example Request

curl \
-X DELETE \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/edges/https/edghts_2TMGJPJ6QJdxArUaX6MH0RNroc6/routes/edghtsrt_2TMGJSTwulwM0fv46SnYgW1IpNT/oauth

Response

Returns a 204 response with no body on success