- 12 Aug 2022
- 2 Minutes to read
Creating OAuth Tokens
- Updated on 12 Aug 2022
- 2 Minutes to read
OAuth tokens can be created for applications that require authorization to allow an end user's account information to be used by third-party services without exposing the user's password. For example, Facebook, Salesforce, and Twitter. For tokens to be created, an OAuth provider must be created.
Configuring an OAuth Token
Before configuring an OAuth Token, ensure that the environment can be accessed externally via HTTPS. If the environment is not configured to be accessible by HTTPS, a warning will appear informing that the token may not work correctly.
- Once the environment and an OAuth provider have been configured, navigate to the System > Integration > OAuth > Tokens. Select Create Token from the action bar.
- After selecting Create Token, a dialog box will open. From here, define the properties of the token. Below is an overview of each item:
Setting Description Token Name The name of the token as it appears in Decisions. Providers The OAuth Provider contains the endpoints and validation used by the token for authorization. Any OAuth Provider that has been configured will be selectable. OAuth Flow This is a Flow configured to handle how the token will be authorized. Authorization Code A Flow configured and requires interaction from the Resource Owner. A browser window will open, requiring the user to authorize the request.
Once the request has been authorized, a request token and refresh the Flow will return data.
Client Credentials A Flow that requires the Client ID (Consumer key) and Client Secret (Consumer Secret key) and provides authorization at a higher level.
This flow requires no user interaction and is the most reliable way to configure a token. Only a token will be returned.
Password A Flow requiring a username and password to connect to the authorization server to retrieve and return only a token.
Since the username and password are saved, no user interaction is required. New tokens will be obtained from Decisions Flows automatically.
OIDC Hybrid A Flow that uses part of the OpenID Connect protocol to obtain a token. The Flow will either return a token or the token along with refresh data. Use Default Keys If enabled, uses the Consumer and Secret keys defined in the OAuth Provider. If disabled, new fields will appear to define Consumer and Secret keys. Consumer Key The Consumer Key is an identifier that functions like an application username. Secret Key The Consumer Secret Key is an identifier similar to an application's password Resource Identifier An additional field used by some providers as extra validation for requests. This varies between applications. Scope Permissions that limit an application's access to a user account. More information on required scopes can be found by referring to the application's API documentation Additional Values Additional values that may be required for authorization. These values can be found in the application's API documentation.
- Once the values have been entered select Request Token. This will show if the request succeeded or failed.
- Once configured, the token will be available for any Flow or Step that requires an OAuth token as an input.