Alteryx Server Discussions

patrick_digan · ‎08-05-2020

Hello! We're upgrading our server from 2019.2 to 2020.2. I'm reading through all of the changes, and I was just curious if anybody can expand upon a change in 2020.1. The release notes say: Introduced a new setting to allow disabling of OAuth via query parameters for the Gallery API. I have experience with the API, but I'm scratching my head trying to figure out 1) where this setting is located and 2) what the setting is controlling. Perhaps an example or intended usage would clear things up for me. Does anybody else know what this new setting is?

JohnPelletier · ‎08-07-2020

@patrick_digan We added a security enhancement for customers who don't want OAuth parameters to be received as query parameters and would prefer to enforce that they are sent as headers. We aim to better document it going forward, but here is the setting you need to make to your alteryx.config file:

Obviously, this is just a sample and you would inject this disableOAuthQueryParams setting into your alteryx.config file for your namedEnvironment record with your own respective base address.

And of course, we can't stop an API client from attempting to send OAuth as query parameters, but at least by rejecting them, we can discourage the practice.

After restarting the service, the API will reject any client calls where OAuth parameters are sent as query parameters and will instead expect them as headers. Headers are considered a bit more secure.

I hope that helps.

patrick_digan · ‎08-07-2020

@JohnPelletier Thanks, this clears it up!

Alteryx Server Discussions

Alteryx 2020.1 release note about disabling oauth