Creating OAuth Tokens

OAuth Tokens can be created for applications that require authorization to allow an end user's account information to be used by third-party services without exposing the user's password. For example, Facebook, Salesforce, and Twitter. For Tokens to be created, an OAuth provider must be created. OAuth Tokens and Providers can be exported and imported into Decisions Instances.

Configuring an OAuth Token

Before configuring an OAuth Token, ensure that the environment can be accessed externally via HTTPS. If the environment is not configured to be accessible by HTTPS, a warning will appear informing that the Token may not work correctly. 

1. Navigate to the System > Integration > OAuth > Tokens and click CREATE TOKEN.
   
2. On the Create and Store OAuth Credentials window, define the available fields.
   
   Private Key JWT Feature

   If the user decides to use the Private Key JWT feature on a Provider, then the OAuth Flow for Token creation must be Client Credentials. Any other OAuth Flow will not work. 

   Setting		Description
   Token Name		The name of the token as it appears in Decisions.
   Providers		The OAuth Provider contains the endpoints and validation used by the token for authorization. Any OAuth Provider that has been configured will be selectable.
   OAuth Flow		This is a Flow configured to handle how the token will be authorized.
   	Authorization Code	A Flow configured and requires interaction from the Resource Owner. A browser window will open, requiring the user to authorize the request. Once the request has been authorized, a request token and refresh of the Flow will return data.
   	Client Credentials	A Flow that requires the Client ID (Consumer Key) and Client Secret (Consumer Secret key) and provides authorization at a higher level. This flow requires no user interaction and is the most reliable way to configure a token. Only a token will be returned.
   	Password	A Flow requiring a username and password to connect to the authorization server to retrieve and return only a token. Since the username and password are saved, no user interaction is required.  New tokens will be obtained from Decisions Flows automatically.
   	OIDC Hybrid	A Flow that uses part of the OpenID Connect protocol to obtain a token. The Flow will either return a token or the token along with refresh data.
   Use Default Keys		If enabled, uses the Consumer and Secret keys defined in the OAuth Provider. If disabled, new fields will appear to define Consumer and Secret keys.
   Consumer Key		The Consumer Key is an identifier that functions like an application username.
   Secret Key		The Consumer Secret Key is an identifier similar to an application's password.
   Resource Identifier		This is used by some providers as extra validation for requests. This varies between applications.
   Scope		Permissions that limit an application's access to a user account. More information on required scopes can be found by referring to the application's API documentation.
   Additional Values		Additional values may be required for authorization. These values can be found in the application's API documentation.

3. Once the values have been entered, select Request Token. This will show if the request succeeded or failed.
   Re-requesting Failed Token Requests  

   In v8.8+, users can now re-request a Token if the initial request fails. 
   
4. Once configured, the token will be available for any Flow or Step that requires an OAuth Token as input.

Token Actions

After successfully adding a Token, actions become available through an action menu while right-clicking a Token. 

Resetting Client Credentials Token Step

Resetting the Client Credentials Token involves revoking the existing Token and issuing a new one. Tokens can be reset by using the Reset Client Credentials Token Step within a Flow.

1. Create a Flow. From the Toolbox navigate to Integration > Internal Services > OAuthTokenService > ResetClientCredentialsToken.
2. Drag the step on the designer surface and join the Start and End steps.
3. Click on the step and navigate to Properties > Inputs. Refer to the document Configuring an OAuth Tokenfor detailed information on every field.
   • Enter the Token ID you want to renew. (You can find this in System > Integrations > OAuth > Tokens. Right click the desired Token and select Manage > Get OAuthToken ID).
   • Input any scopes, resources, or additional values your Token needs. These will be the same values you used on the initial Token request. If your Token does not need one or all of these values, set the input to null.

Start Token Request And Get Auth Link Step

The Start Token Request And Get Auth Link Step initiates the Token Request and retrieves the Auth Link for the user. 

1. Create a Flow. From the Toolbox navigate to Integration > Internal Services > OAuthTokenService > StartTokenRequestAndGetAuthLink.
2. Drag the step on the designer surface and join the Start and End steps.
3. Click on the step and navigate to Properties > Inputs. Refer to the document Configuring an OAuth Token for detailed information on every field.

Refresh Access Token Step

The Refresh Access Token step is used to refresh Authorization Code tokens. 

1. Create a Flow. From the Toolbox navigate to Integration > Internal Services > OAuthTokenService > RefreshAccessToken.
2. Drag the step on the designer surface and join the Start and End steps.
3. Click on the step and navigate to Properties > Inputs. Refer to the document Configuring an OAuth Token for detailed information on every field.