OAuth profiles and scopes

In the OAuth provider scenario, profiles and scopes specify the grant type, authorization type, and level of access.

In the OAuth provider scenario, the OAuth profile refers to a combination of a grant type and at least one scope. The scope specifies the access that the user has to the protected resource, such as read or write. You can create a profile for each third-party provider and obtain the specific set of scopes from the provider. See Specify an OAuth profile and Specify an OAuth scope for more information. The instance also uses OAuth profiles when a REST call specifies OAuth 2.0 authentication. The instance auto-creates a default profile for each third-party provider record that you create. There can be only one default profile.

Specify the following parameters, which are saved in the OAuth Requestor Profile [OAuth_requestor_profile] table:

Table 1. OAuth parameters for default profile support

| Parameter | Description |
| --- | --- |
| oauth_requestor | Sys ID of the object, either a user record or an email account. |
| oauth_requestor_context | Descriptor that provides context for the OAuth requestor. As a good practice, use the name of the table where the oauth_requestor object is saved. |
| oauth_provider_profile | The Sys ID of the OAuth profile record that is the default. |

When the user attempts to authenticate, the provider accesses the OAuth Requestor Profile table to look for the user. If the user is found, the authentication is successful. If not, the provider accesses the default profile to determine the grant type and how to proceed with the authentication.
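
The lookup order described above, together with a configuration audit a reviewer could run before relying on it, as an added example that is not code from the platform or from this documentation. It is plain JavaScript over constructed in-memory records; only oauth_requestor, oauth_requestor_context and oauth_provider_profile are field names from this page, and the other fields, the function names, and the reading of "only one default profile" as one per provider are assumptions.

```javascript
// Constructed sample data. sys_id, provider, grant_type, scopes and is_default
// are assumed field names for illustration; the values are made up.
const profiles = [
  { sys_id: 'p1', provider: 'prov-a', grant_type: 'authorization_code', scopes: ['read'], is_default: true },
  { sys_id: 'p2', provider: 'prov-a', grant_type: 'client_credentials', scopes: ['read', 'write'], is_default: false },
];
const requestorProfiles = [
  { oauth_requestor: 'u100', oauth_requestor_context: 'sys_user', oauth_provider_profile: 'p2' },
  { oauth_requestor: 'e200', oauth_requestor_context: 'sys_email_account', oauth_provider_profile: 'p9' }, // dangling reference
];

// Report configuration problems that would make the lookup ambiguous or over-permissive.
function auditProfiles(profiles, requestorProfiles) {
  const findings = [];
  const ids = new Set(profiles.map((p) => p.sys_id));
  const defaults = new Map();
  for (const p of profiles) {
    if (!p.grant_type) findings.push(`profile ${p.sys_id}: no grant type`);
    if (!Array.isArray(p.scopes) || p.scopes.length === 0) findings.push(`profile ${p.sys_id}: no scope`);
    if (p.is_default) defaults.set(p.provider, (defaults.get(p.provider) || 0) + 1);
  }
  for (const provider of new Set(profiles.map((p) => p.provider))) {
    const n = defaults.get(provider) || 0;
    if (n !== 1) findings.push(`provider ${provider}: ${n} default profiles, expected 1`);
  }
  for (const r of requestorProfiles) {
    if (!ids.has(r.oauth_provider_profile)) {
      findings.push(`requestor ${r.oauth_requestor}: unknown profile ${r.oauth_provider_profile}`);
    }
  }
  return findings;
}

// Requestor-specific row first; otherwise the provider's default profile
// supplies the grant type. A dangling row also falls through to the default.
function resolveProfile(requestor, context, provider, profiles, requestorProfiles) {
  const row = requestorProfiles.find(
    (r) => r.oauth_requestor === requestor && r.oauth_requestor_context === context
  );
  const mapped = row && profiles.find((p) => p.sys_id === row.oauth_provider_profile && p.provider === provider);
  if (mapped) return { source: 'requestor', profile: mapped };
  const fallback = profiles.filter((p) => p.provider === provider && p.is_default);
  if (fallback.length !== 1) throw new Error(`provider ${provider} needs exactly one default profile`);
  return { source: 'default', profile: fallback[0] };
}
```

Running auditProfiles before resolveProfile surfaces rows such as the dangling e200 entry, which would otherwise be served by the default profile without any visible error.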