GitHub user dmainou added a comment to the discussion: Hop Mail Action with OAuth Authentication
I'll need to find some time to confirm there is no sensitive material and to get approval to share. But screenshots are ok. This is the main workflow which lives either at the beginning of a batch execution or run separately to the logic that needs the token <img width="1174" height="294" alt="image" src="https://github.com/user-attachments/assets/319ecdf7-8a2a-417b-81de-ac3caf6df75c"; /> This pipeline get's the latest token (if any) then either gets the very first ever token or refreshes an existing one. (SQL has been set to always return a line even if the table is empty) In red first token, green refreshes the token, blue error handling. (this client wants an email. I prefer something that results in observability raising an alarm and a ticket.) <img width="1347" height="558" alt="image" src="https://github.com/user-attachments/assets/b9e5d777-68d1-4446-b70c-e992b569cd1c"; /> This gets the very first token <img width="982" height="531" alt="image" src="https://github.com/user-attachments/assets/92d42c41-bd9d-4be5-8e64-413609e885f4"; /> The get variables builds the body of the call looks and like this: <img width="534" height="207" alt="image" src="https://github.com/user-attachments/assets/68f57386-891c-481c-83a9-68d1c24ba2e9"; /> ps I am still developing so not all security is in place as of now. It's best if those credentials are encrypted so either use a secrets vault or keep them encrypted in the conf file and decrypt as part of the logic which I'm yet to implement. The refresh pipeline is quite similar but starts by sourcing the refresh token from the db. <img width="1054" height="565" alt="image" src="https://github.com/user-attachments/assets/2d48533c-d6fd-4408-8f0a-39ee8b5db98f"; /> The call body on this occasion looks like this: <img width="555" height="183" alt="image" src="https://github.com/user-attachments/assets/dd6e5c74-cf62-4543-81f2-e6b4788e2001"; /> After landing the body I replace in string the ##REFRESH_TOKEN## with the value I obtained before. The above is specific to this particular provider/system but the pattern is common. You may not want to store that token in a db (it works for this client on this workflow) you may want to create it as a variable of the jvm, encrypt it and save it locally or remotely, update a conf file, or post it to a vault depending on what requirements you have. Sky is the limit. GitHub link: https://github.com/apache/hop/discussions/5645#discussioncomment-14227117 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
