Creating OAuth Tokens


Overview

OAuth tokens can be created for applications that require authorization to allow an end user's account information to be used by third-party services without exposing the user's password—for example, SharePoint, Facebook, Salesforce, and Twitter. For tokens to be created, an OAuth provider must be created. OAuth Tokens and Providers can be exported and imported into Decisions Instances.


Configuring an OAuth Token

Before configuring an OAuth Token, ensure that the environment can be accessed externally via HTTPS. If the environment is not accessible via HTTPS, a warning will appear stating that the token may not work correctly.

  • Navigate to Settings > Integrations > OAuth > Tokens and click CREATE TOKEN.
  • On the Create and Store OAuth Credentials window, define the available fields.
    Setting: Description
    • Token Name: The name of the token as it appears in Decisions.
    • Providers: The OAuth Provider contains the endpoints and validation used by the token for authorization. Any OAuth Provider that has been configured will be selectable.
    • OAuth Flow: This is a Flow configured to handle how the token will be authorized.
      • Authorization Code: A Flow that requires interaction from the Resource Owner. Once it is configured, a browser window will open, requiring Users to authorize the request. Once the request has been authorized, a request token and refresh of the Flow will return data.
      • Client Credentials: A Flow that requires the Client ID (Consumer Key) and Client Secret (Consumer Secret key) and provides authorization at a higher level. This flow requires no user interaction and is the most reliable way to configure a token. Only a token will be returned.
      • Password: A Flow requiring a username and password to connect to the authorization server to retrieve and return only a token. Since the username and password are saved, no user interaction is required. New tokens will be obtained from Decisions Flows automatically.
      • OIDC Hybrid: A Flow that uses part of the OpenID Connect protocol to obtain a token. The Flow will either return a token or the token along with refresh data.
    • Use Default Keys: If enabled, uses the Consumer and Secret keys defined in the OAuth Provider. If disabled, new fields will appear to define Consumer and Secret keys.
    • Consumer Key: The Consumer Key is an identifier that functions like an application username.
    • Secret Key: The Consumer Secret Key is an identifier similar to an application's password.
    • Resource Identifier: This is used by some providers as extra validation for requests. This varies between applications.
    • Scope: Permissions that limit an application's access to a user account. More information on required scopes can be found by referring to the application's API documentation.
    • Additional Values: Additional values may be required for authorization. These values can be found in the application's API documentation.
  • Once the values have been entered, select Request Token. This will show if the request succeeded or failed.
  • Once configured, the token will be available for any Flow or Step that requires an OAuth token as input.
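
The example below is added here and is not Decisions' own code: it builds the standard OAuth 2.0 (RFC 6749) token request that the two non-interactive flows, Client Credentials and Password, correspond to, using the form fields above as inputs. The mapping of fields to wire parameters, the function name `build_token_request`, and every sample value are assumptions.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit

def build_token_request(token_url, flow, consumer_key, secret_key, scope=(),
                        resource=None, username=None, password=None,
                        additional=None):
    """Return (headers, body) for a standard RFC 6749 token request.

    Parameter names mirror the form fields above; their mapping to wire
    parameters is the generic OAuth 2.0 one and is an assumption here.
    """
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be HTTPS: secrets travel in this request")
    if flow == "client_credentials":
        form = {"grant_type": "client_credentials"}
    elif flow == "password":
        if not (username and password):
            raise ValueError("password flow needs the stored username and password")
        form = {"grant_type": "password", "username": username, "password": password}
    else:
        # Authorization Code and OIDC Hybrid start with a browser redirect.
        raise ValueError(f"{flow!r} cannot be requested without user interaction")
    if scope:
        form["scope"] = " ".join(scope)      # space-delimited, RFC 6749 section 3.3
    if resource:
        form["resource"] = resource          # only some providers read this
    for key, value in (additional or {}).items():
        if key in form:                      # extras must not override grant_type etc.
            raise ValueError(f"additional value {key!r} collides with a core field")
        form[key] = value
    # Client authentication via HTTP Basic (RFC 6749 section 2.3.1) keeps the
    # Consumer Key / Secret Key pair out of the form body.
    pair = f"{quote_plus(consumer_key)}:{quote_plus(secret_key)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(form)

# Constructed sample values; none of these come from a real provider.
HEADERS, BODY = build_token_request(
    "https://login.example.test/oauth2/token", "client_credentials",
    "my-app", "s3cr3t/+", scope=["files.read", "files.write"],
    resource="https://api.example.test")
```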

Token Actions

After a token has been added successfully, actions become available through the action menu that opens when right-clicking the token.

Action: Description
  • Delete OAuth Token: Deletes the token.
  • Refresh Access Token: Refreshes the token used to obtain access.
  • Rename OAuth Token: Provides the opportunity to change the name of the Token.

Resetting Client Credentials Token via Flow

Resetting the Client Credentials Token involves revoking the existing token and issuing a new one. Tokens can be reset by using the Step "Reset Client Credentials Token" within a Flow.

  1. Create a Flow. From the Toolbox, navigate to Integration > Internal Services > Call Internal Decisions Service.
  2. Drag the step on the designer surface and join the Start and End steps.
  3. Click on the step and navigate to Properties > Internal Service Settings. Select OAuthTokenService under Service Name and ResetClientCredentialsToken under Method. This will open up a number of new fields. Refer to the document Configuring an OAuth Token for detailed information on every field.
    • Enter the token ID you want to renew. (You can find this in Settings > Integrations > OAuth > Tokens: right-click the desired token and select Manage > Get OAuthToken ID.)
    • Input any scopes, resources, or additional values your token needs. These will be the same values you used on the initial token request. If your token does not need one or all of these values, set the input to null.
Running this Flow as a scheduled job.
This Flow can be used to prevent Client Credential OAuth Tokens from expiring. Use this Flow on a scheduled job every 20-30 minutes or any other length of time based on the token lifetime from your provider.
To learn more about scheduled jobs, refer to Understanding Scheduled Jobs.
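
Added example (not Decisions code): a simulation of the scheduled reset job that reports how many seconds a token would be expired, or inside a safety margin before expiry, for a given provider lifetime and job interval, including when individual runs fail. The function names, the 60-second margin, and the lifetimes used in the comments are assumptions.

```python
def max_interval(lifetime_s, tolerated_misses=0, margin_s=60):
    """Longest job interval that still renews in time when up to
    `tolerated_misses` consecutive scheduled runs fail."""
    usable = lifetime_s - margin_s
    if usable <= 0:
        raise ValueError("margin must be shorter than the token lifetime")
    return usable // (tolerated_misses + 1)

def uncovered_seconds(lifetime_s, interval_s, horizon_s,
                      missed_runs=frozenset(), margin_s=60):
    """Seconds in [0, horizon_s) with no usable token.

    A token is issued at t=0; the job fires at interval_s, 2*interval_s, ...
    Run numbers listed in `missed_runs` (1-based) fail and issue nothing.
    A token counts as usable until `margin_s` before it expires.
    """
    usable = lifetime_s - margin_s
    if usable <= 0 or interval_s <= 0:
        raise ValueError("lifetime must exceed margin and interval must be positive")
    gap = 0
    valid_until = usable            # usable window of the token issued at t=0
    t, run = interval_s, 1
    while t < horizon_s:
        if run not in missed_runs:
            gap += max(0, t - valid_until)   # time spent without a usable token
            valid_until = t + usable         # reset issued a fresh token
        t += interval_s
        run += 1
    return gap + max(0, horizon_s - valid_until)

# Constructed scenarios (provider lifetimes are assumed, not from the page):
#  - 60-minute token, 30-minute job, no failures
#  - 20-minute token, 30-minute job: the schedule is longer than the lifetime
#  - 60-minute token, second run fails, at 30- and 20-minute intervals
SCENARIOS = {
    "60m/30m": uncovered_seconds(3600, 1800, 86400),
    "20m/30m": uncovered_seconds(1200, 1800, 7200),
    "60m/30m, run 2 fails": uncovered_seconds(3600, 1800, 7200, {2}),
    "60m/20m, run 2 fails": uncovered_seconds(3600, 1200, 7200, {2}),
}
```

An interval at or below `max_interval(lifetime, 1)` keeps the token usable even if a single scheduled run fails.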


Refreshing a Token via the Internal Decisions Services Step

Users who create a token utilizing the Authorization Code OAuth Flow must use the Internal Decisions Services step to refresh the token. Users should note that these steps will not work unless the token has been successfully acquired with the proper permissions, as mentioned at the beginning of the article. 

  1. Navigate to the OAuth page and select Tokens. Right-click on the desired Token and select Get OAuth Token ID.
  2. Copy the Token ID and open a new Flow.
  3. In the new Flow, drag and drop the Call Internal Decisions Service step onto the workspace.

  4. Enter the following information into the respective fields:

    • Service Name: OAuthTokenService

    • Method Name: RefreshAccessToken

    • Context Type: CurrentUser

    • token Id: Paste in the token Id

  5. Once the fields have been filled out, click Debug, and select the Internal Decisions Services step to view the results.

Example

The following example demonstrates how to use the Refresh Token Step to refresh an OAuth token before adding a SharePoint document to an integrated SharePoint Document Library using the SharePoint Add Document step.

Debugging the Flow will first refresh the OAuth Token, then proceed with adding the document to the integrated SharePoint Document Library.

[Image: the OAuth token being successfully refreshed.]

[Image: the SharePoint document being successfully added to the integrated Document Library.]