Creating OAuth Tokens
  • 11 Mar 2024
  • 3 Minutes to read
  • Dark
    Light

Creating OAuth Tokens

  • Dark
    Light

Article Summary

OAuth tokens can be created for applications that require authorization to allow an end user's account information to be used by third-party services without exposing the user's password—for example, Facebook, Salesforce, and Twitter. For tokens to be created, an OAuth provider must be created. OAuth Tokens and Providers can be exported and imported into Decisions Instances.


Configuring an OAuth Token

Before configuring an OAuth Token, ensure that the environment can be accessed externally via HTTPS. If the environment is not configured to be accessible by HTTPS, a warning will appear informing that the token may not work correctly. 

  1. Navigate to the System > Integration > OAuth > Tokens and click CREATE TOKEN.
  2. On the Create and Store OAuth Credentials window, define the available fields.
    Private Key JWT Feature
    If the user decides to use the Private Key JWT feature on a Provider, then the OAuth Flow for Token creation must be Client Credentials. Any other OAuth Flow will not work. 
    Setting Description 
    Token NameThe name of the token as it appears in Decisions.
    ProvidersThe OAuth Provider contains the endpoints and validation used by the token for authorization. Any OAuth Provider that has been configured will be selectable.
    OAuth FlowThis is a Flow configured to handle how the token will be authorized.

    Authorization Code A Flow configured and requires interaction from the Resource Owner. A browser window will open, requiring the user to authorize the request.
    Once the request has been authorized, a request token and refresh of the Flow will return data.

    Client Credentials A Flow that requires the Client ID (Consumer Key) and Client Secret (Consumer Secret key) and provides authorization at a higher level.
    This flow requires no user interaction and is the most reliable way to configure a token. Only a token will be returned.

    Password A Flow requiring a username and password to connect to the authorization server to retrieve and return only a token.
    Since the username and password are saved, no user interaction is required.  New tokens will be obtained from Decisions Flows automatically.

    OIDC Hybrid A Flow that uses part of the OpenID Connect protocol to obtain a token. The Flow will either return a token or the token along with refresh data. 
    Use Default KeysIf enabled, uses the Consumer and Secret keys defined in the OAuth Provider. If disabled, new fields will appear to define Consumer and Secret keys. 
    Consumer KeyThe Consumer Key is an identifier that functions like an application username. 
    Secret KeyThe Consumer Secret Key is an identifier similar to an application's password
    Resource Identifier This is used by some providers as extra validation for requests. This varies between applications.  
    Scope Permissions that limit an application's access to a user account. More information on required scopes can be found by referring to the application's API documentation 
    Additional ValuesAdditional values may be required for authorization. These values can be found in the application's API documentation.
  3. Once the values have been entered, select Request Token. This will show if the request succeeded or failed.
    Re-requesting Failed Token Requests  
    In v8.8+, users can now re-request a token if the initial request fails. 
  4. Once configured, the token will be available for any Flow or Step that requires an OAuth token as input.

Token Actions

After successfully adding a token, actions become available through an action menu while right-clicking a token. 

ActionDescription
Delete OAuth TokenDeletes the token.
Refresh Access TokenRefresh the token used to obtain access.
Rename OAuth TokenProvides the opportunity to change the name of the Token. 

Resetting Client Credentials Token via Flow

Resetting the Client Credentials Token involves revoking the existing token and issuing a new one. Tokens can be reset by using the Step "Reset Client Credentials Token" within a Flow.

  1. Create a Flow. From the Toolbox navigate to Integration > Internal Services > OAuthTokenService > ResetClientCredentialsToken.
  2. Drag the step on the designer surface and join the Start and End steps.
  3. Click on the step and navigate to Properties > Inputs. Refer to the document Configuring an OAuth Token for detailed information on every field.

    • Enter the token ID you want to renew. (You can find this in System > Integrations > OAuth > Tokens - Right Click the desired token and select Manage > Get OAuthToken ID).

    • Input any scopes, resources, or additional values your token needs. These will be the same values you used on the initial token request. If your token does not need one or all of these values, set the input to null.
Running this Flow as a scheduled job.
This Flow can be used to prevent Client Credential OAuth Tokens from expiring. Use this Flow on a scheduled job every 20-30 minutes or any length of time you'd like based on the token lifetime from your provider.
To learn more about scheduled jobs refer to Understanding Scheduled Jobs.


Was this article helpful?