In the OAuth provider scenario, profiles and scopes specify the grant type,
authorization type, and level of access.
In the OAuth provider scenario, the OAuth profile refers to a combination of a grant
type and at least one scope. The scope specifies the access that the user has to the
protected resource, such as read or write. You can create a profile for each
third-party provider and obtain the specific set of scopes from the provider. See Specify an OAuth profile and Specify an OAuth scope for more information. The instance also uses
OAuth profiles when a REST call specifies OAuth 2.0 authentication. The instance
auto-creates a default profile for each third-party provider record that you create. There
can be only one default profile.
Specify the following parameters, which are saved in the OAuth Requestor Profile
Table 1. OAuth parameters for default profile support
|The sys_id of the object, which can be a user record or an email
|Descriptor that provides context for the OAuth requestor. As a good practice,
use the name of the table where the
oauth_requestor object is
|The sys_id of the OAuth profile record that is the default (see Specify an OAuth
When the user attempts to authenticate, the provider accesses the OAuth Requestor
Profile table to look for the user. If the user is found, the authentication is successful.
If not, the provider accesses the default profile to determine the grant type and how to
proceed with the authentication.