Merge pull request #5569 from segmentio/MichaelGHSeg/oauth

stayseesong · web-flow · commit 7de53137175f · 2024-01-31T11:26:11.000-08:00
OAuth 2.0 new SDK feature documentation
diff --git a/src/connections/sources/catalog/libraries/server/node/index.md b/src/connections/sources/catalog/libraries/server/node/index.md
@@ -653,6 +653,46 @@ analytics.track({
 ```
 
 
+## OAuth 2.0
+
+> info ""
+> OAuth 2.0 is currently in private beta and is governed by Segment’s [First Access and Beta Preview Terms](https://www.twilio.com/en-us/legal/tos){:target="_blank"}.
+
+Enable [OAuth 2.0](/docs/connections/oauth/) in your Segment workspace to guarantee authorized communication between your server environment and Segment's Tracking API. To support the non-interactive server environment, the OAuth workflow used is a signed client assertion JWT.  
+
+You will need a public and private key pair where:
+- The public key is uploaded to the Segment dashboard. 
+- The private key is kept in your server environment to be used by this SDK. 
+
+Your server will verify its identity by signing a token request and will receive a token that is used to to authorize all communication with the Segment Tracking API.
+
+You'll need to provide the OAuth Application ID and the public key's ID, both of which are provided in the Segment dashboard.  There are also options available to specify the authorization server, custom scope, maximum number of retries, or a custom HTTP client if your environment has special rules for separate Segment endpoints.
+
+Be sure to implement handling for Analytics SDK errors. Good logging helps distinguish any configuration issues.
+
+For more information, see the [Segment OAuth 2.0 documentation](/docs/connections/oauth/).
+
+```ts
+import { Analytics, OAuthSettings } from '@segment/analytics-node';
+import { readFileSync } from 'fs'
+
+const privateKey = readFileSync('private.pem', 'utf8')
+
+const settings: OAuthSettings = {
+  clientId: '<CLIENT_ID_FROM_DASHBOARD>',
+  clientKey: privateKey,
+  keyId: '<PUB_KEY_ID_FROM_DASHBOARD>',
+}
+
+const analytics = new Analytics({
+  writeKey: '<MY_WRITE_KEY>',
+  oauthSettings: settings,
+})
+
+analytics.on('error', (err) => { console.error(err) })
+
+analytics.track({ userId: 'foo', event: 'bar' })
+```
 ## Troubleshooting
 
 {% include content/troubleshooting-intro.md %}
diff --git a/src/connections/sources/catalog/libraries/server/python/index.md b/src/connections/sources/catalog/libraries/server/python/index.md
@@ -530,12 +530,49 @@ analytics.write_key = 'YOUR_WRITE_KEY'
 
 ## Google App Engine
 
-Google App Engine my not resolve project dependencies. If this is the case add the following to your project alongside analytics-python:
+Google App Engine may not resolve project dependencies. If this is the case add the following to your project alongside analytics-python:
 - [requests](https://github.com/kennethreitz/requests){:target="_blank"}
 - python-dateutil](https://github.com/paxan/python-dateutil){:target="_blank"}
 
 If you're having issues with threads outliving your request, check [Background threads and synchronous mode](#background-threads-and-synchronous-mode)
 
+## OAuth 2.0
+
+> info ""
+> OAuth 2.0 is currently in private beta and is governed by Segment’s [First Access and Beta Preview Terms](https://www.twilio.com/en-us/legal/tos){:target="_blank"}.
+
+Enable [OAuth 2.0](/docs/connections/oauth/) in your Segment workspace to guarantee authorized communication between your server environment and Segment's Tracking API. To support the non-interactive server environment, the OAuth workflow used is a signed client assertion JWT.  
+
+You will need a public and private key pair where:
+- The public key is uploaded to the Segment dashboard. 
+- The private key is kept in your server environment to be used by this SDK. 
+Your server will verify its identity by signing a token request and will receive a token that is used to to authorize all communication with the Segment Tracking API.
+
+You'll need to provide the OAuth Application ID and the public key's ID, both of which are provided in the Segment dashboard.  There are also options available to specify the authorization server, custom scope, maximum number of retries, or a custom HTTP client if your environment has special rules for separate segment endpoints.
+
+Be sure to implement handling for Analytics SDK errors. Good logging will help distinguish any configuration issues.
+
+For more information, see the [Segment OAuth 2.0 documentation](/docs/connections/oauth/).
+
+```python
+import segment.analytics as analytics
+with open("private_key.pem") as f:
+    privatekey = f.read()
+
+analytics.write_key = '<YOUR WRITE KEY HERE>'
+
+analytics.oauth_client_id = 'CLIENT_ID' # OAuth application ID from segment dashboard
+analytics.oauth_client_key = privatekey # generated as a public/private key pair in PEM format from OpenSSL
+analytics.oauth_key_id = 'KEY_ID' # From segment dashboard after uploading public key
+
+def on_error(error, items):
+    print("An error occurred: ", error)
+analytics.on_error = on_error
+
+analytics.track('AUser', 'track')
+analytics.flush()
+```
+
 ## Troubleshooting
 
 ### Request size limits
