Establishing an OAuth Provider
- Updated on 15 Feb 2024
- 3 Minutes to read
Overview
OAuth is an open standard for secured delegated access. In short, Decisions can take actions or access resources on an API server on behalf of a user without that user ever sharing their credentials with Decisions: the identity provider (IdP) issues tokens to Decisions with the user's approval. Before an API can be used with OAuth, two things must happen in order: an OAuth Provider must be established, and an OAuth Token must be created against it. This document covers the first step, setting up an OAuth Provider for integration with Decisions.
Adding a Provider
To gain access to the OAuth Settings and to create an OAuth Token, users must first establish an OAuth Provider. Providers are created in the System > Integrations > Providers Folder by selecting the ADD OAUTH PROVIDER button within that Folder.
OAuth Provider Settings
| Setting | Description |
|---|---|
| Name | Name used to distinguish this OAuth Provider from others. |
| Description | A brief explanation of the provider's purpose, so users understand what it is for when selecting it while configuring an OAuth Token. |
| OAuth Version | The version of the protocol the provider implements. OAuth1x: OAuth 1.0/1.0a, which follows a different flow built on a temporary request token, a user-granted verifier, and per-request signing with the consumer key and secret. OAuth2: the current version, used by most modern APIs, which issues bearer access tokens (and optionally refresh tokens) after the authorization-code exchange. The two are not interchangeable, so select the version the OAuth Server actually supports; see the documentation for the specific Server being integrated with, or that Server's App, Key and Token settings, for its endpoints. Both versions share most Provider settings; selecting OAuth2 exposes the additional options marked "(OAuth2 only)" below. |
| Token Request URL | (OAuth1x) The URL from which the platform obtains a temporary request token at the start of the OAuth 1 flow. |
| Authorize URL | The URL to which the platform redirects the user to grant access. Once the user grants permission, the provider sends the user back with a verifier code (OAuth1x) or an authorization code (OAuth2). |
| Access Token URL | The URL where the platform exchanges the temporary token and verifier code (OAuth1x), or the authorization code (OAuth2), for an access token. |
| Default Consumer Key | The identifier the platform presents to the provider when making requests (the client ID in OAuth2 terms). It is not secret on its own, but the provider ties it to the registered Callback URL. |
| Default Consumer Secret Key | The secret used together with the consumer key to authenticate the platform to the provider (the client secret in OAuth2 terms). Treat it as a credential: anyone holding it can impersonate this integration. |
| Get Base API URL from Authorization Response | (OAuth2 only) If selected, the platform reads the base API URL from the provider's authorization response rather than from fixed configuration, which is needed for providers that return per-tenant or per-instance API endpoints. |
| Token Refresh URL (Optional) | (OAuth2 only) If provided, the URL where the platform exchanges a refresh token for a new access token, extending access without sending the user back through authorization. |
| Callback URL | (OAuth2 only) The URL to which the provider redirects the user after successful authorization, carrying the authorization code. Example: {BasePortalURL}/HandleTokenResponse. The same value must be registered with the provider as the redirect URI; providers generally require an exact match and an HTTPS scheme. |
| Use Proof Key for Code Exchange (PKCE) | (OAuth2 only) If selected, the platform generates a one-time code verifier, sends its SHA-256 hash as the code_challenge with the authorization request, and presents the verifier only when redeeming the code at the Access Token URL, so an authorization code intercepted in transit cannot be exchanged by anyone else. Enable it whenever the provider supports it. |
| URL Encode Refresh Token During Refresh | (OAuth2 only) If selected, the platform URL-encodes the refresh token when sending it to the Token Refresh URL. Use this for providers whose refresh tokens contain characters such as + or / that would otherwise be mangled in the request. |
| Omit Code During Refresh | (OAuth2 only) If selected, the platform leaves the original authorization code out of the refresh request and sends only the refresh token. Use this for providers that reject a refresh request carrying a stale code. |
| Client Authentication Type | (OAuth2 only) How the platform proves its identity to the provider at the Access Token URL. Options: Client Secret (POST), which sends the consumer key and secret in the body of the token request, or Private Key JWT, which sends a signed JWT instead of a shared secret. |
| Private Key JWT | (OAuth2 only) With this authentication type the platform signs a short-lived JSON Web Token (JWT) with its private key and sends it as a client assertion; the provider verifies it with the matching public key, so no shared secret is transmitted or stored on the provider side. |
| Get a Private Key from Path | (OAuth2 only) If selected, the platform loads the private key from the specified path on the server instead of from an uploaded file. |
| Private Key File | (OAuth2, JWT only) Upload the private key file used to sign the client assertion in the file upload area. |
| Private Key Password | (OAuth2, JWT only) If the private key file is password-protected, the password needed to decrypt it. |
| Private Key Signing Algorithm | (OAuth2, JWT only) The algorithm used to sign the JWT: RS256, RS384, or RS512 (RSA signatures over a SHA-256, SHA-384, or SHA-512 digest). They differ in the hash function, not in the RSA key, and the signature is never stronger than the key length, so choose the algorithm the provider lists as accepted for this key. |
| Key Identifier (KID) | (OAuth2, JWT only) The kid value placed in the JWT header so the provider can select the registered public key or certificate that matches this private key. It must equal the identifier the provider assigned when the key was registered. |
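The OAuth2 settings above (Callback URL, PKCE, Access Token URL, and Private Key JWT with a KID) describe the messages the platform sends to the provider. The following Go program is an added example, not code from Decisions or from this page, showing what those messages contain: it generates a PKCE verifier and its S256 challenge, signs a five-minute RS256 client assertion whose header carries the kid, assembles the token request body with the assertion in place of a client secret, and then performs the check the provider makes on receipt, which goes slightly beyond the table's client-side view. The endpoints (idp.example.com, decisions.example.com), client ID and key ID are made-up assumptions, and an RSA key generated in memory stands in for the uploaded Private Key File. Only the Go standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Hypothetical provider settings, mirroring the fields in the table above.
const (
	AccessTokenURL = "https://idp.example.com/oauth2/token"
	CallbackURL    = "https://decisions.example.com/HandleTokenResponse"
	ClientID       = "decisions-integration" // Default Consumer Key (client_id)
	KeyID          = "decisions-2024-key"    // Key Identifier (KID)
)

// AssertionClaims is the payload of a private_key_jwt client assertion (RFC 7523).
type AssertionClaims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Jti string `json:"jti"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }
func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
// NewSigningKey stands in for the uploaded Private Key File (demo only: generated in memory).
func NewSigningKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// NewPKCE returns a random code_verifier and its S256 code_challenge (RFC 7636). Only the challenge
// goes out on the Authorize URL redirect; the verifier is sent only to the token endpoint.
func NewPKCE() (verifier, challenge string) {
	verifier = b64(random(32)) // 43 characters from the unreserved set
	sum := sha256.Sum256([]byte(verifier))
	return verifier, b64(sum[:])
}

// ClientAssertion signs a five-minute RS256 JWT with the private key; the "kid" header
// tells the provider which registered public key verifies it.
func ClientAssertion(key *rsa.PrivateKey, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": KeyID})
	claims, _ := json.Marshal(AssertionClaims{Iss: ClientID, Sub: ClientID, Aud: AccessTokenURL,
		Jti: b64(random(16)), Iat: now.Unix(), Exp: now.Add(5 * time.Minute).Unix()})
	signingInput := b64(header) + "." + b64(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// TokenRequest is the form body POSTed to the Access Token URL: the code from the
// callback, the PKCE verifier, and the assertion in place of a client_secret.
func TokenRequest(code, verifier, assertion string) url.Values {
	return url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {CallbackURL},
		"client_id": {ClientID}, "code_verifier": {verifier}, "client_assertion": {assertion},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"}}
}

// VerifyAssertion is the provider's side: RS256 with the key registered under the kid (the
// "alg" header is deliberately not trusted), then iss, aud and expiry.
func VerifyAssertion(pub *rsa.PublicKey, token string, now time.Time) (*AssertionClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT")
	}
	sig, errSig := base64.RawURLEncoding.DecodeString(parts[2])
	body, errBody := base64.RawURLEncoding.DecodeString(parts[1])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if errSig != nil || errBody != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("bad encoding or signature does not verify")
	}
	var c AssertionClaims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if c.Iss != ClientID || c.Aud != AccessTokenURL || now.Unix() >= c.Exp {
		return nil, fmt.Errorf("iss/aud mismatch or assertion expired")
	}
	return &c, nil
}

func main() {
	key, now := NewSigningKey(), time.Now()
	verifier, _ := NewPKCE()
	assertion, _ := ClientAssertion(key, now)
	fmt.Println(TokenRequest("code-from-callback", verifier, assertion).Encode())
	_, err := VerifyAssertion(&key.PublicKey, assertion, now)
	fmt.Println("provider accepts assertion:", err == nil)
}
```

Two details matter in practice. The verifier ignores the JWT's own alg header and always applies the algorithm configured for the registered key, which is what a provider should do and why the Private Key Signing Algorithm must match what the provider expects for that kid. And the assertion is bound to the Access Token URL through aud and to a five-minute window through exp, so a captured assertion cannot be replayed against another provider or later on.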