Skip to Content
We are live but in Staging 🎉
WorkflowsWorkflow: OAuth Source Onboarding

Workflow: OAuth Source Onboarding

This workflow shows provider OAuth onboarding from URL generation through source sync.

When To Use

  • Connecting Google Drive/SharePoint/other OAuth-backed providers.
  • Re-authing after expired or revoked OAuth credentials.

Step 1: Request OAuth URL

dodil k3 \
  credential oauth-url --provider-id google_drive -o json

Expected output includes:

  • auth_url
  • state

Step 2: Authorize in browser

  1. Open auth_url.
  2. Complete provider consent.
  3. Capture returned authorization code.
  4. Keep state for validation if your flow enforces it.

Step 3: Exchange code for credential

dodil k3 \
  credential oauth-exchange \
  --provider-id google_drive \
  --code "<oauth_code>" \
  --redirect-uri "https://app.example.com/k3/oauth/callback" \
  --state "<state>" \
  --display-name "google-drive-main"

Capture credential_id.

Step 4: Create source (API-rich path)

Use API if you need provider details and scheduling in one request:

curl -sS -X POST "https://k3.dev.dodil.io/$K3_BUCKET/sources" "${AUTH[@]}" "${JSON[@]}" \
  -d '{
    "bucket": "'$K3_BUCKET'",
    "provider": "SOURCE_PROVIDER_GOOGLE_DRIVE",
    "name": "drive-contracts",
    "root_path": "/Contracts",
    "provider_account": "drive-id-123",
    "sync_interval_seconds": 3600,
    "enabled": true
  }'

Step 5: Trigger discovery and ingestion

dodil k3 \
  ingest trigger-discovery --bucket "$K3_BUCKET" --source <source_id>
 
dodil k3 \
  ingest trigger --bucket "$K3_BUCKET" --source <source_id>

Security and Operations Notes

  1. Never log raw OAuth codes/tokens in shared logs.
  2. Use ValidateCredential/RefreshOAuthToken API for long-lived operations.
  3. Keep redirect URI exact match with provider app settings.

Next: Object Access and Sharing

Workflow: Table Lifecycle and SQL FlowWorkflow: Object Access and Sharing