
# OAuth 2.0

> Alloy's [Custom Connector](/embedded/custom-connector) supports the most popular authentication types, allowing you to easily configure end-user authentication for third-party apps we don't support natively. The [Alloy modal](/embedded/alloy-modal) makes it easy to add support for OAuth 2.0 authorization.

To set up an OAuth 2.0 authorization flow, follow the steps below:

<Steps>
  <Step>
    Follow the instructions to [Create a Custom Connector](/embedded/custom-connector#creating-a-custom-connector).
  </Step>

  <Step>
    Navigate to the Authentication step where the OAuth 2.0 authorization type is selected by default.

    <Frame>
      ![](https://alloy-assets.s3.amazonaws.com/alloy-docs/embedded/custom-connector/oauth/1.png)
    </Frame>
  </Step>

  <Step>
    Fill in the relevant fields with details from the third-party app you are creating a Custom Connector for. It's best to have the third-party app open in another tab while you complete this step.
  </Step>

  <Step>
    Fill out the Refresh Configuration fields. Then, hit the **Validate Credential** button to ensure your credentials have been entered correctly. Once successful, hit **Save** to continue setting up your Custom Connector.
  </Step>
</Steps>

## OAuth 2.0 Fields

When configuring OAuth 2.0 for third-party apps, you'll need to provide information to help Alloy authorize your end-users. The required fields are detailed below:

* **Callback URL**: This is where users should be redirected after authorization has been completed. Use this in the application registration process for the third-party app.

* **Auth URL**: The authorization server's endpoint URL that initiates the authorization flow. Alloy will direct your end-users to this URL, allowing them to grant permissions to your app.

* **Access Token URL**: Once an end-user has granted permission to your app, Alloy receives an authorization code. This authorization code is exchanged for an access token by calling the **Access Token URL** on the authorization server.

* **Client ID**: When you create or register an app with a third party, a Client ID is generated for you. This `clientID` is a unique identifier used to identify your application when interacting with the OAuth 2.0 server during the authorization flow.

* **Client Secret**: The Client Secret is generated by the third party you're integrating with. It's used alongside the Client ID for authenticating your application.

* **Scope**: Scope is the level of access to protected resources on the third-party server that Alloy can request permission for. During the OAuth 2.0 flow, Alloy will prompt the end-user to grant permissions using the scopes you have defined in this field. The field accepts space-separated or comma-delimited scope values.
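
To show where each field above ends up in a standard authorization code grant, here is an added example (not Alloy's code and not part of the original page). It assumes the RFC 6749 parameter names, constructed sample URLs and credentials, and a random per-session `state` value supplied by the caller. Some providers expect the client credentials in an HTTP Basic header rather than in the form body.

```python
import hmac
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values standing in for the connector fields (not real endpoints).
FIELDS = {
    "callback_url": "https://app.example.com/oauth/callback",
    "auth_url": "https://auth.example.com/oauth/authorize",
    "access_token_url": "https://auth.example.com/oauth/token",
    "client_id": "sample-client-id",
    "client_secret": "sample-client-secret",
    "scope": "contacts.read, orders.read",
}

def normalize_scope(raw):
    """Accept space- or comma-delimited scopes; return the space-separated wire form."""
    return " ".join(s for s in re.split(r"[,\s]+", raw.strip()) if s)

def build_authorization_url(fields, state):
    """URL the end-user is sent to in order to grant access (authorization code grant)."""
    for key in ("auth_url", "access_token_url", "callback_url"):
        if urlsplit(fields[key]).scheme != "https":
            raise ValueError(f"{key} must use https")
    query = urlencode({
        "response_type": "code",
        "client_id": fields["client_id"],
        "redirect_uri": fields["callback_url"],
        "scope": normalize_scope(fields["scope"]),
        "state": state,
    })
    return f"{fields['auth_url']}?{query}"

def token_request_from_callback(fields, callback, expected_state):
    """Check the redirect, then return (url, form body) for the code-for-token exchange."""
    parts = urlsplit(callback)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != fields["callback_url"]:
        raise ValueError("redirect did not arrive at the registered Callback URL")
    params = parse_qs(parts.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing authorization code"])[0])
    return fields["access_token_url"], {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": fields["callback_url"],
        "client_id": fields["client_id"],
        "client_secret": fields["client_secret"],
    }
```

The form body returned by `token_request_from_callback` carries the Client Secret, so it should only ever be sent server-side over TLS and kept out of logs.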
