Need help with OAuth 2.0 setup for Zapier connection
I’m trying to configure my ASP.NET Web API 2 application to work as an OAuth provider so Zapier can connect to it. Has anyone successfully implemented this kind of setup before?
What I want to achieve is making my web application act as the OAuth server that can authenticate users when they try to connect through Zapier. I’m not trying to integrate with external services like Facebook or Google. Instead, I need my app to be the OAuth provider itself.
I’ve been looking into OWIN middleware options but I’m not sure about the correct approach. Any code examples or guidance on configuring the OAuth authorization server would be really helpful.
Basically I need to know how to set up the OAuth endpoints and token management so Zapier can successfully authenticate against my system.
I had a similar problem! Ended up using the auth server middleware too. Just double check your token endpoint’s JSON format matches Zapier’s needs, or it’ll be a no-go.
Did this same integration 6 months ago and one thing completely tripped me up. You need proper CORS handling for your OAuth endpoints - Zapier makes cross-origin requests during auth and without CORS, users get weird connection failures even when everything else works fine. Also, Zapier specifically needs authorization code grant type. I tried client credentials flow first and it’s a no-go. Your token response has to include both access_token and refresh_token fields. Test the whole flow in Postman before touching Zapier - way easier to debug when you know if it’s your OAuth setup or the Zapier side that’s broken.
OWIN OAuth Authorization Server middleware is definitely the way to go. You’ll need to implement the OAuthAuthorizationServerProvider class and override ValidateClientAuthentication and GrantResourceOwnerCredentials methods at minimum. Configure proper token expiration times since Zapier expects refreshable tokens. One gotcha I hit - make sure your authorize endpoint returns the correct redirect URI format. Zapier’s pretty strict about OAuth flow compliance. You’ll also need to handle client credentials properly in your database since Zapier stores the client ID and secret for each user connection.
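A minimal OWIN wiring for the authorization code flow with refresh tokens discussed in this thread, added here as an illustration and not code from any of the posters. It shows exact redirect URI matching, client secret checking, and single-use authorization codes and refresh tokens. The client id, secret, redirect URI and endpoint paths are constructed placeholders, the in-memory store stands in for a database, and the login/consent page served at the authorize path is assumed to exist elsewhere in the app.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;
using Owin;
public class Startup {
    public void Configuration(IAppBuilder app) {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions {
            AuthorizeEndpointPath = new PathString("/oauth/authorize"), // hypothetical paths
            TokenEndpointPath = new PathString("/oauth/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(1), // AllowInsecureHttp stays false (HTTPS only)
            Provider = new ClientProvider(),
            AuthorizationCodeProvider = SingleUse(TimeSpan.FromMinutes(5)),
            RefreshTokenProvider = SingleUse(TimeSpan.FromDays(30))
        });
    }
    static AuthenticationTokenProvider SingleUse(TimeSpan lifetime) { // opaque, one-time handles
        var store = new ConcurrentDictionary<string, string>(); // sample store; persist in a database
        return new AuthenticationTokenProvider {
            OnCreate = c => {
                c.Ticket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.Add(lifetime);
                var b = new byte[32];
                using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(b);
                c.SetToken(BitConverter.ToString(b).Replace("-", "")); // random handle, not the ticket itself
                store[c.Token] = c.SerializeTicket();
            },
            OnReceive = c => { if (store.TryRemove(c.Token, out string t)) c.DeserializeTicket(t); } // redeem once
        };
    }
}
public class ClientProvider : OAuthAuthorizationServerProvider {
    const string Id = "zapier-client", Secret = "CHANGE-ME", Redirect = "https://client.example/cb"; // constructed
    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext c) {
        if (c.ClientId == Id && string.Equals(c.RedirectUri, Redirect, StringComparison.Ordinal)) c.Validated();
        return Task.FromResult(0); // exact match only; anything else is left unvalidated and rejected
    }
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext c) {
        bool sent = c.TryGetBasicCredentials(out string id, out string secret) || c.TryGetFormCredentials(out id, out secret);
        if (sent && id == Id && FixedTimeEquals(secret ?? "", Secret)) c.Validated(id); else c.SetError("invalid_client");
        return Task.FromResult(0);
    }
    static bool FixedTimeEquals(string a, string b) { // no early exit on the first mismatch
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because the refresh token provider removes a handle when it is redeemed, every refresh response carries a new refresh token, so the client must store the latest one.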