> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Use OAuth

> REST V2 connector

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/fusion-connectors/connectors/rest-v2/rest-v2-oauth

[mintlify link]: https://doc.lucidworks.com/docs/fusion-connectors/connectors/rest-v2/rest-v2-oauth

[old doc.lw link]: https://doc.lucidworks.com/fusion-connectors/h66upi

OAuth authentication allows configuration of OAuth credentials and settings to fetch an access token for authorizing requests to service endpoints.

<LwTemplate />

## Configuration

To configure a data source to use OAuth authentication:

1. Choose the **OAuth** option from the Authentication checkbox list.
2. Fill in the required fields for OAuth configuration:

   1. **OAuth Service URL**: Enter the base URL of the OAuth service.
   2. **OAuth Endpoint Path**: Specify the endpoint required for the OAuth request.
   3. **HTTP Method**: Select the HTTP method for the OAuth request. Options include **POST** (default) or **GET**.
   4. **Plain Authentication Variables**: Configure non-sensitive variables, for example `grant_type` or `username`, that will be visible in the datasource.
   5. **Secure Authentication Variables**: Use this field for sensitive credentials, for example `client_secret` or `password`. These values will remain hidden.
   6. **Access Token Path**: Define the JSON path expression to extract the access token from the response, for example `objects`, `objects[]`, and `$.objects[]`.
   7. **OAuth Values Location**: Specify where the plain/secure authentication variables should be sent:

      1. Request Param: As query parameters in the URL.
      2. URL-Encoded Body: As a body with the `application/x-www-form-urlencoded` format.
      3. JSON Body: As a JSON-formatted body.
      4. Header: As part of the request headers.
   8. **Header Authorization Template**: Use this to define the format for the access token in the request header. For example, include the prefix **Bearer** before the token: `Bearer ${LW_ACCESS_TOKEN}`. The special variable `${LW_ACCESS_TOKEN}` will be replaced with the actual token.

## Validation

### Connection Validation

The OAuth connection is validated when the crawl starts. Validation will fail if:

* The connector cannot reach the OAuth service URL and endpoint.
* The access token cannot be parsed from the response.

Validation passes only if the connector successfully contacts the OAuth service and retrieves the token.

### Token Refresh on 401 Response

If the connector receives a `401 Unauthorized` response, it will automatically attempt to fetch a new access token. This ensures uninterrupted crawling if the token expires.

## Special notes

Enter credentials in their normal, non-encoded format, for example `team@company.com.njg4`. The system performs URL-encoding internally. Avoid entering pre-encoded values, for example `team%40company.com.njg4` to prevent double encoding.
