In the OAuth provider scenario, profiles and scopes specify the grant type,
authorization type, and the level of access.
In the OAuth provider scenario, the OAuth profile refers to a combination of a grant
type and at least one scope. The scope specifies the access that the user has to the
protected resource, such as read or write. You can create a profile for each
third-party provider and obtain the specific set of scopes from the provider. See Specify an OAuth profile and Specify an OAuth scope for more information. The instance also uses
OAuth profiles when a REST call specifies OAuth 2.0 authentication. A default profile is
automatically created for each third-party provider record that you create. There can only
be one default.
OAuth profiles and scopes are available starting in the Geneva release.
You need to specify these parameters, which are saved in the OAuth Requestor Profile
Table 1. OAuth parameters for default profile support
|The Sys ID of the object, which can be a user record or an email
|A descriptor that provides context for the OAuth requestor. As a good practice, use the name of the table where the object is saved.
|The Sys ID of the OAuth profile record that is the default.
When the user attempts to authenticate, the provider accesses the OAuth Requestor
Profile table to look for the user. If the user is found, the authentication is successful.
If not, the provider accesses the default profile to determine the grant type and how to
proceed with the authentication.
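The lookup order described above, as an added example that is not part of the original documentation and not the platform's own code. It is a plain JavaScript in-memory model: the property names (`requestorId`, `requestorContext`, `profileId`, `isDefault`) and all sample records are constructed for illustration, and it assumes a found requestor receives the scopes of its mapped profile.

```javascript
// Illustrative model only; property names are hypothetical, not platform column names.
// Constructed sample data: one third-party provider ("acme") with two profiles.
const profiles = [
  { id: "p-read", provider: "acme", grantType: "authorization_code", scopes: ["read"], isDefault: true },
  { id: "p-write", provider: "acme", grantType: "authorization_code", scopes: ["read", "write"], isDefault: false },
];

// Constructed requestor mappings: object id, context (table name), profile id.
const requestorProfiles = [
  { requestorId: "u-100", requestorContext: "sys_user", profileId: "p-write" },
];

// A profile is a grant type plus at least one scope, and each provider
// must have exactly one default profile. Returns a list of violations.
function validateProfiles(allProfiles, provider) {
  const own = allProfiles.filter((p) => p.provider === provider);
  const errors = [];
  for (const p of own) {
    if (!p.grantType) errors.push(`${p.id}: missing grant type`);
    if (!Array.isArray(p.scopes) || p.scopes.length === 0) errors.push(`${p.id}: no scope`);
  }
  const defaults = own.filter((p) => p.isDefault).length;
  if (defaults !== 1) errors.push(`${provider}: ${defaults} default profiles, expected 1`);
  return errors;
}

// Look up the requestor first; fall back to the provider's default profile.
function resolveProfile(allProfiles, mappings, provider, requestorId, requestorContext) {
  const errors = validateProfiles(allProfiles, provider);
  if (errors.length > 0) throw new Error(errors.join("; "));
  const own = allProfiles.filter((p) => p.provider === provider);
  const hit = mappings.find(
    (m) => m.requestorId === requestorId && m.requestorContext === requestorContext
  );
  // A mapping that points at another provider's profile is ignored.
  const mapped = hit && own.find((p) => p.id === hit.profileId);
  if (mapped) return { source: "requestor", grantType: mapped.grantType, scopes: mapped.scopes };
  const def = own.find((p) => p.isDefault);
  return { source: "default", grantType: def.grantType, scopes: def.scopes };
}
```

In this model every requestor without a mapping ends up on the default profile, so the default is the one to review first when auditing which scopes a provider can be granted.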