Establishing an OAuth Provider
  • 15 Feb 2024


Overview 

OAuth is an open standard for secure delegated access. In short, Decisions can take actions or access resources on a server on behalf of the user without the user having to share their credentials. The identity provider (IdP) can issue tokens to Decisions with the user's approval. Before using an API with OAuth, two things must first occur: an OAuth Provider must be established, and an OAuth Token must be created. This document discusses how to set up an OAuth Provider for proper integration with Decisions.

The following document ONLY discusses Provider setup. For information on Creating Tokens for an OAuth Integration, see Creating OAuth Tokens.
The following discusses the required configurations for an OAuth Provider. For assistance in finding the specific parameters for an OAuth Provider, please seek documentation or Developer settings for that specific service.

Adding a Provider

To gain access to OAuth Settings and the ability to create an OAuth Token, users must first establish an OAuth Provider. This setting is established in the System > Integrations > Providers Folder by selecting the ADD OAUTH PROVIDER button within the Folder. 

OAuth Provider Settings

| Setting | Description |
|---|---|
| Name | Name to distinguish the OAuth provider. |
| Description | A brief description or explanation of the OAuth provider. This helps users understand the purpose or functionality of the OAuth provider when configuring it within the platform. |
| OAuth Version | The version of OAuth to use. OAuth1x: the first version of OAuth, which follows a different authentication flow. OAuth2: the newer version, widely used for modern authentication and authorization. Note: Besides providing different configuration options, it is important to ensure that the selected OAuth version is compatible with the OAuth Server. For more information, see the documentation for the specific Server being integrated with, or that particular Server's Settings or the Key/Token locations for the App. Though both OAuth1x and OAuth2 have nearly identical Provider Setting options, selecting OAuth2 provides a few additional options for configuration. |
| Token Request URL | The URL where the platform requests a temporary token during the OAuth1 authentication process. |
| Authorize URL | The URL where the platform redirects the user for authorization. Once the user grants permission, the platform receives a verifier code. |
| Access Token URL | The URL where the platform exchanges the temporary token and the verifier code for a long-lived access token during the OAuth1x authentication process. |
| Default Consumer Key | The default consumer key associated with the platform. It identifies the platform when making requests to the OAuth provider. |
| Default Consumer Secret Key | Used, along with the consumer key, to authenticate the platform with the OAuth provider. |
| Get Base API URL from Authorization Response | (OAuth2 only) If selected, the platform will retrieve the base API URL from the authorization response. This helps identify the API endpoints for accessing resources. |
| Token Refresh URL (Optional) | (OAuth2 only) If provided, the URL where the platform can request a new access token using a refresh token, allowing extended access without user re-authorization. |
| Callback URL | (OAuth2 only) The URL where the user is redirected after successful authorization, along with the authorization code. Example: {BasePortalURL}/HandleTokenResponse |
| Use Proof Key for Code Exchange (PKCE) | (OAuth2 only) If selected, the platform uses PKCE to enhance security during the authorization code exchange process. |
| URL Encode Refresh Token During Refresh | (OAuth2 only) If selected, the platform URL encodes the refresh token when requesting a new access token during token refresh. |
| Omit Code During Refresh | (OAuth2 only) If selected, the platform omits the authorization code when requesting a new access token with a refresh token during token refresh. |
| Client Authentication Type | (OAuth2 only) The method used for client authentication when communicating with the OAuth provider. Options: Client Secret (POST), Private Key JWT. |
| Private Key JWT | (OAuth2 only) The platform uses a JSON Web Token (JWT) with a private key for client authentication. |
| Get a Private Key from Path | (OAuth2 only) The platform obtains the private key from the specified path or location. |
| Private Key File | (OAuth2, JWT only) Upload the private key file for JWT-based authentication in the file upload area. |
| Private Key Password | (OAuth2, JWT only) If the private key is password-protected, enter the password to access it. |
| Private Key Signing Algorithm | (OAuth2, JWT only) The algorithm used to sign the JWT with the private key. RS256, RS384, and RS512 represent different signature strengths. |
| Key Identifier (KID) | (OAuth2, JWT only) A unique identifier that helps match the correct key or certificate used for secure communication with the OAuth provider. |

Feature Changes

