OAuth profiles and scopes

In the OAuth provider scenario, profiles and scopes specify the grant type, authorization type, and the level of access.

An OAuth profile is a combination of a grant type and at least one scope. The scope specifies the access that the user has to the protected resource, such as read or write. You can create a profile for each third-party provider and obtain the specific set of scopes from the provider. See Specify an OAuth profile and Specify an OAuth scope for more information.

The instance also uses OAuth profiles when a REST call specifies OAuth 2.0 authentication. A default profile is automatically created for each third-party provider record that you create. There can be only one default.

OAuth profiles and scopes are available with the Geneva release.

Specify these parameters, which are saved in the OAuth Requestor Profile [OAuth_requestor_profile] table:
Table 1. OAuth parameters for default profile support

| Parameter | Description |
| --- | --- |
| oauth_requestor | The Sys ID of the object, which can be a user record or an email account. |
| oauth_requestor_context | A descriptor that provides context for the oauth requestor. As a good practice, use the name of the table where the oauth_requestor object is saved. |
| oauth_provider_profile | The Sys ID of the OAuth profile record that is the default. |

When the user attempts to authenticate, the provider accesses the OAuth Requestor Profile table to look for the user. If the user is found, the authentication is successful. If not, the provider accesses the default profile to determine the grant type and how to proceed with the authentication.
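
The lookup described above, modeled in plain JavaScript as an added example; it is not the platform's own code. The sample records are constructed, and the profile fields `provider`, `is_default`, `grant_type` and `scopes` are hypothetical names, as is the choice to match on both `oauth_requestor` and `oauth_requestor_context`. The model rejects a missing or duplicated default and a dangling profile reference instead of guessing.

```javascript
// Model of the requestor-profile lookup. Sample records are constructed.
// Only oauth_requestor, oauth_requestor_context and oauth_provider_profile
// come from the page; provider, is_default, grant_type and scopes are
// hypothetical field names.
const PROFILES = [
  { sys_id: "p1", provider: "prov-a", is_default: true,
    grant_type: "authorization_code", scopes: ["read"] },
  { sys_id: "p2", provider: "prov-a", is_default: false,
    grant_type: "authorization_code", scopes: ["read", "write"] },
];
const REQUESTOR_PROFILES = [
  { oauth_requestor: "u1", oauth_requestor_context: "sys_user",
    oauth_provider_profile: "p2" },
];

// Enforce the single-default rule instead of picking the first match.
function defaultProfile(provider, profiles) {
  const defaults = profiles.filter(
    (p) => p.provider === provider && p.is_default);
  if (defaults.length !== 1) {
    throw new Error(
      `provider ${provider}: expected 1 default profile, found ${defaults.length}`);
  }
  return defaults[0];
}

// Returns the profile that governs this requestor and how it was chosen.
function resolveProfile(requestor, context, provider,
                        rows = REQUESTOR_PROFILES, profiles = PROFILES) {
  const byId = new Map(profiles.map((p) => [p.sys_id, p]));
  for (const r of rows) {
    if (r.oauth_requestor !== requestor ||
        r.oauth_requestor_context !== context) continue;
    const profile = byId.get(r.oauth_provider_profile);
    // A dangling reference is rejected rather than silently replaced by
    // the default, which may carry different scopes.
    if (!profile) throw new Error(`requestor ${requestor}: mapped profile not found`);
    if (profile.provider === provider) return { source: "requestor", profile };
  }
  // Requestor not in the table: the default profile decides the grant type.
  return { source: "default", profile: defaultProfile(provider, profiles) };
}
```

Logging the returned `source` alongside the granted scopes makes it visible when a requestor was served by the default profile rather than an explicit mapping.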