Summary
How to secure the redirect endpoint to verify valid requests from Airbyte for OAuth in a multi-tenant application
Question
Hey!
We are getting started with Powered by Airbyte and are building out a multi-tenant application that will read data from our customers’ salesforce instances. In the docs for creating an oauth source, I see that we specify a redirect URL, which airbyte redirects to after finishing the SF oauth flow, along with a payload of data we need to access this oauth token/ create the source. We want to protect this redirect endpoint and verify that only valid requests from Airbyte are accepted. How can we do this?
This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want to access the original thread.