Use a third-party OAuth provider

Each client application must register with the instance to participate in OAuth authorization.

Before you begin

Role required: admin

Procedure

  1. Navigate to System OAuth > Application Registry.
  2. Click New.
  3. On the interceptor page, click Connect to a third party OAuth Provider.
  4. Fill out the fields, as appropriate (see table).
  5. Click Submit. The record is saved in the Application Registries [oauth_entity] table.
    The OAuth provider view
    Table 1. Application Registries (OAuth Provider view)

    | Field | Description |
    | --- | --- |
    | Name | A unique name identifying the application you are requiring OAuth access for. |
    | Client ID | The unique ID of the application. The instance uses the client ID when requesting an access token. |
    | Client Secret | [Required] The shared secret string the instance and the application use to authorize communications with one another. The instance uses the client secret when requesting an access token. Enter a string. |
    | OAuth API Script | The script used to customize the request and response to the third-party OAuth provider. The script name must have the prefix OAuth. |
    | Logo URL | The URL containing an image to use as the application logo. |
    | Default Grant Type | The type of grant: • Authorization code: The code granted to the client to obtain an access token, which is then used to obtain access to the resource. You need an authorization URL if you select this option. • Resource owner password credentials: The user name and password of the user trying to obtain access to the resource. |
    | Refresh Token Lifespan | The refresh token lifespan in seconds. |
    | Accessible from | The application scope that this registry is accessible from. |
    | Active | A check box for indicating that the instance can authorize access to the application. Only active applications can request access tokens. |
    | Authorization URL | The URL of the endpoint to authorize the user if you are using the authorization code grant type. |
    | Token URL | The location of the token endpoint that the instance uses to retrieve and refresh tokens. |
    | Redirect URL | The application endpoint that receives the authorization code. Leave this field empty to have the instance automatically generate this URL. |
    | Token Revocation URL | The location of the endpoint that the instance uses to revoke the token. |
    | Comments | Any additional information you want to associate with this application. |
    | Embedded lists | |
    | OAuth Entity Profiles | The profiles associated with the OAuth provider. The profile includes the grant type. Click the profile name to go to the OAuth Entity Profile form. |
    | OAuth Entity Scopes | The entity scopes associated with the OAuth provider. The scope identifies the services the application has access to. Click the scope name to go to the OAuth Entity Scope form. |

Result

After you create the third-party application registry, the system automatically generates a default profile using the specified grant type, but without any scopes. You can create additional profiles, each with scopes.
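
The field rules in Table 1 can be checked before a record is submitted. The following is an added example, not code from the product or its documentation: the property names and grant-type strings are hypothetical labels for the form fields, and the https check is an assumption the page does not state.

```javascript
'use strict';
// Added example. Property names and grant-type strings are hypothetical labels
// for the form fields above, not column names of the oauth_entity table.

function isHttps(value) {
  try { return new URL(value).protocol === 'https:'; } catch (e) { return false; }
}

function checkRegistry(rec) {
  const problems = [];
  // Rules taken from the field descriptions.
  if (!rec.clientSecret) problems.push('Client Secret is required');
  if (rec.oauthApiScript && !rec.oauthApiScript.startsWith('OAuth'))
    problems.push('OAuth API Script name must have the prefix OAuth');
  if (rec.defaultGrantType === 'authorization_code' && !rec.authorizationUrl)
    problems.push('Authorization URL is needed for the authorization code grant');
  if (!rec.active) problems.push('Record is not active: it cannot request access tokens');
  // Inferred: the instance sends the client ID to the Token URL to get a token.
  if (!rec.clientId) problems.push('Client ID is empty');
  if (!rec.tokenUrl) problems.push('Token URL is empty');
  // Assumption, not stated on the page: every endpoint that carries the secret,
  // a code or a token is https. An empty Redirect URL is fine (auto-generated).
  const endpoints = {
    'Authorization URL': rec.authorizationUrl, 'Token URL': rec.tokenUrl,
    'Redirect URL': rec.redirectUrl, 'Token Revocation URL': rec.tokenRevocationUrl,
  };
  for (const [field, value] of Object.entries(endpoints)) {
    if (value && !isHttps(value)) problems.push(field + ' is not an https URL');
  }
  return problems;
}

// Constructed sample records; all values are placeholders.
const goodRecord = {
  name: 'Example IdP', clientId: 'example-client-id', clientSecret: 'example-secret',
  oauthApiScript: 'OAuthExampleUtil', defaultGrantType: 'authorization_code', active: true,
  authorizationUrl: 'https://idp.example.com/authorize',
  tokenUrl: 'https://idp.example.com/token', redirectUrl: '',
  tokenRevocationUrl: 'https://idp.example.com/revoke',
};
const badRecord = Object.assign({}, goodRecord, {
  clientSecret: '', oauthApiScript: 'ExampleUtil', authorizationUrl: '',
  tokenUrl: 'http://idp.example.com/token',
});

console.log(checkRegistry(goodRecord));
console.log(checkRegistry(badRecord));
```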