OAuth Configurations - Raajiv87/User-Assistance-Rajiv GitHub Wiki
OAuth is an open standard authorization framework for web-based token authentication. OAuth enables an end user's account information to be used by third-party services without exposing the user's account credentials to the third party. The agent provides the third-party service with an access token that authorizes the sharing of specific account information on behalf of the end user. A token is obtained through an authorization flow.
Navigation: Welcome > System Administrator > OAuth Configurations
The following matrix provides the available user capabilities and their recommended assignments.
User Role | Created or Managed by | Capabilities |
---|---|---|
Sys Admin | Admin | Users with Sys Admin privileges have access to OAuth Configurations via the Admin Summary page. A Sys Admin user with only the ViewOAuthDetails capability has read-only access, whereas a user with the ManageOAuthDetails capability can create new or update existing client details. |
Sys Admin Cloud | Admin | Sys Admin Cloud users can only see the OAuth Configurations link if ViewOAuthDetails or ManageOAuthDetails is assigned to their account. Sys Admin Cloud users with only the ViewOAuthDetails capability have read-only access, whereas those with the ManageOAuthDetails capability can create new or update existing client details. |
The property EnableOAuthForProLink identifies the client applications that interact with the OAuth authentication system. Sys Admin and Sys Admin Cloud users with the ManageOAuthDetails capability can set it to true to enable OAuth authentication for ProLink. By default, it is set to false.
On the OAuth Configurations page, an Admin can create a new client.
To create a new client, follow these steps:
- Navigate to Welcome > System Administrator > OAuth Configurations. The OAuth Configurations page is displayed.
- Click on New Client.
- Type the Client Name and Description.
- Enter the Client ID and Client Secret, or leave them blank if the user wants the system to auto-generate these values.
- Enter the Access Token Expiry and Refresh Token Expiry.
- Click on Save to save the new client.
Field Name | Field Description |
---|---|
Request No. | Request number of the open authorization. |
Client Name | Name of the client. |
Description | Description of the client if any. |
Client ID | Client ID is a unique identifier assigned to a client. A maximum of 25 alphanumeric characters can be entered. |
Client Secret | The client secret is confidential information used to verify the identity of a client application when it tries to access a service or API. A maximum of 36 alphanumeric characters can be entered. |
Access Token Expiry | The amount of time the user wants the generated access token to remain active. The value is only taken in seconds. |
Refresh Token Expiry | The amount of time the user wants the generated refresh token to remain active after the original access token has expired. The value is only taken in seconds. If the value is set to zero, an access token will not be generated. |
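As an added example (not part of this wiki or the product's own code), the following Python enforces the limits from the field table above and auto-generates the Client ID and Client Secret when they are left blank, as the create-client steps allow. The form field names, the generator and the error messages are assumptions; the page does not describe the product's own generation scheme.

```python
import re
import secrets
import string

# Limits as stated in the field table: alphanumeric, up to 25 / 36 characters.
CLIENT_ID_MAX = 25
CLIENT_SECRET_MAX = 36
ALPHANUMERIC = re.compile(r"^[A-Za-z0-9]+$")
ALPHABET = string.ascii_letters + string.digits


def generate_value(length: int) -> str:
    """Random alphanumeric string from a CSPRNG (assumed generator; the
    product's own auto-generation scheme is not documented on the page)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def validate_client(client: dict) -> list:
    """Return a list of problems with a new-client form; empty means valid.
    The dict keys are assumed names for the form fields."""
    errors = []
    if not str(client.get("client_name", "")).strip():
        errors.append("Client Name is required")
    # A blank Client ID / Client Secret is allowed: the system auto-generates them.
    for key, limit in (("client_id", CLIENT_ID_MAX), ("client_secret", CLIENT_SECRET_MAX)):
        value = client.get(key)
        if not value:
            continue
        if not ALPHANUMERIC.match(value):
            errors.append(f"{key} must contain only alphanumeric characters")
        if len(value) > limit:
            errors.append(f"{key} exceeds {limit} characters")
    # Both expiry values are taken in whole seconds.
    for key in ("access_token_expiry", "refresh_token_expiry"):
        value = client.get(key)
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            errors.append(f"{key} must be a non-negative whole number of seconds")
    return errors


def prepare_client(client: dict) -> dict:
    """Validate the form and fill in any blank Client ID / Client Secret.
    Raises ValueError listing every problem when the form is invalid."""
    errors = validate_client(client)
    if errors:
        raise ValueError("; ".join(errors))
    prepared = dict(client)
    if not prepared.get("client_id"):
        prepared["client_id"] = generate_value(CLIENT_ID_MAX)
    if not prepared.get("client_secret"):
        prepared["client_secret"] = generate_value(CLIENT_SECRET_MAX)
    return prepared


if __name__ == "__main__":
    # Constructed sample form: ID and secret left blank for auto-generation.
    form = {
        "client_name": "reporting-service",
        "description": "Nightly report export",
        "client_id": "",
        "client_secret": "",
        "access_token_expiry": 3600,
        "refresh_token_expiry": 86400,
    }
    saved = prepare_client(form)
    print(saved["client_id"], len(saved["client_secret"]))
```

The generated values use `secrets` rather than `random`, so the secret is unpredictable; the lengths are chosen to use the full limits the table allows.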
On the OAuth Client Details page, an Admin user can edit the following fields for an existing client.
- Description
- Client secret
- Access token expiry
- Refresh token expiry
To update or edit an existing client, follow these steps:
- Navigate to the OAuth Configurations page.
- On the OAuth Configurations page, select the Request No of the existing client.
- Click on Edit Client.
- Change the required details and click on Update. A confirmation pop-up window is displayed.
- Click on Continue to save the changes. Note: As soon as the client secret, access token expiry, or refresh token expiry is updated, the existing access token(s) are invalidated.
- On the Client Detail page, the user can also delete generated tokens by selecting one or more checkboxes at once.
On the Client Detail page, the user can see the following fields:
Field Name | Field Description |
---|---|
Access token | An access token is a credential used to authorize and authenticate a user or an application. Tokens are masked for security reasons; however, a user can view them through the OAuth API endpoint. |
Refresh token | A refresh token is a credential used in authentication and authorization systems to obtain a new access token when the original access token has expired. Tokens are masked for security reasons; however, a user can view them through the OAuth API endpoint. |
Created | Date and time when the tokens were generated. |
Access token status | Status of the generated access tokens whether they are active or expired. |
Refresh token status | Status of the generated refresh tokens whether they are active or expired. |
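The following Python is an added example, not the product's own logic. It models the Client Detail rows described above: it masks tokens for display, derives the Access token status and Refresh token status from the Created time and the client's two expiry values (reading the refresh expiry, as the field table states, as time counted after the access token has expired), and applies the note from the edit steps that a change to the client secret or either expiry invalidates existing tokens. The timestamps, token strings, mask format and field names are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Fields whose change invalidates existing tokens, per the note in the edit steps.
TOKEN_INVALIDATING_FIELDS = ("client_secret", "access_token_expiry", "refresh_token_expiry")


def mask_token(token: str, visible: int = 4) -> str:
    """Mask a token for display, keeping only its last `visible` characters
    (assumed display format; the page says only that tokens are masked)."""
    if len(token) <= visible:
        return "*" * len(token)
    return "*" * (len(token) - visible) + token[-visible:]


def token_statuses(created: datetime, access_expiry_s: int, refresh_expiry_s: int,
                   now: datetime) -> tuple:
    """Return (access_status, refresh_status), each 'active' or 'expired'.
    The access token lives access_expiry_s seconds from Created; the refresh
    token lives refresh_expiry_s seconds after the access token has expired."""
    access_until = created + timedelta(seconds=access_expiry_s)
    refresh_until = access_until + timedelta(seconds=refresh_expiry_s)
    access_status = "active" if now < access_until else "expired"
    refresh_status = "active" if now < refresh_until else "expired"
    return access_status, refresh_status


def client_detail_rows(tokens: list, client: dict, now: datetime) -> list:
    """Render the Client Detail table: masked tokens, Created, and both statuses."""
    rows = []
    for entry in tokens:
        access_status, refresh_status = token_statuses(
            entry["created"], client["access_token_expiry"],
            client["refresh_token_expiry"], now)
        rows.append({
            "access_token": mask_token(entry["access_token"]),
            "refresh_token": mask_token(entry["refresh_token"]),
            "created": entry["created"].isoformat(),
            "access_token_status": access_status,
            "refresh_token_status": refresh_status,
        })
    return rows


def invalidates_tokens(old_client: dict, new_client: dict) -> bool:
    """True if an edit touches the client secret or either expiry, in which
    case the existing access tokens must be invalidated."""
    return any(old_client.get(f) != new_client.get(f) for f in TOKEN_INVALIDATING_FIELDS)


def fully_expired(tokens: list, client: dict, now: datetime) -> list:
    """Entries whose access and refresh tokens have both expired: the natural
    candidates for the Delete checkboxes on the Client Detail page."""
    return [e for e in tokens
            if token_statuses(e["created"], client["access_token_expiry"],
                              client["refresh_token_expiry"], now) == ("expired", "expired")]


# Constructed sample data: one client and three token rows at different ages.
SAMPLE_CLIENT = {"client_secret": "s3cret", "access_token_expiry": 3600,
                 "refresh_token_expiry": 86400}
SAMPLE_TOKENS = [
    {"access_token": "acc-11111111", "refresh_token": "ref-aaaaaaaa",
     "created": datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)},   # both expired
    {"access_token": "acc-22222222", "refresh_token": "ref-bbbbbbbb",
     "created": datetime(2024, 1, 2, 22, 0, tzinfo=timezone.utc)},  # access expired
    {"access_token": "acc-33333333", "refresh_token": "ref-cccccccc",
     "created": datetime(2024, 1, 3, 0, 0, tzinfo=timezone.utc)},   # both active
]
SAMPLE_NOW = datetime(2024, 1, 3, 0, 30, tzinfo=timezone.utc)


if __name__ == "__main__":
    for row in client_detail_rows(SAMPLE_TOKENS, SAMPLE_CLIENT, SAMPLE_NOW):
        print(row)
    print(len(fully_expired(SAMPLE_TOKENS, SAMPLE_CLIENT, SAMPLE_NOW)), "row(s) safe to delete")
```

Comparisons are done on timezone-aware UTC datetimes so that the Created column and the current time cannot silently differ by a local offset.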
To delete one or more existing generated tokens, follow these steps:
- Navigate to the OAuth Configurations page.
- On the OAuth Configurations page, select the Request No of the existing client.
- Select one or more checkboxes and click Delete.
On the OAuth Configurations page, an Admin can delete one or more existing clients. To delete one or more existing clients, follow these steps:
- Navigate to the OAuth Configurations page.
- On the OAuth Configurations page, select the Request No of the existing client.
- Click on the Delete OAuth Client option. A confirmation pop-up window is displayed.
- Click on Continue to delete the client. All information related to the client is deleted. Note: As soon as a user deletes an existing client, its existing access token(s) are invalidated.
Users have multiple options to customize the OAuth Configurations page view.
- Columns: Click on Columns to view the available columns. Users can select or de-select columns to add or remove them from the view.
- Filters: Click on Filters to use the filters available at each column level. All the columns on the page can be used as filter options.
The history log for the OAuth Configurations pages captures all updates made to a client, which provides accountability and transparency into token authentication updates. Each action in the history log is displayed along with a description of the action, who performed it, and when it was done.
The history logs are captured at the following levels:
- On OAuth Configurations summary page
- On OAuth Client Detail page
Navigation: Welcome > System Administrator > OAuth Configurations
Click on History. This opens a history log pop-up window that captures changes about adding, deleting, or updating OAuth connections.
The following filters are available for users to view the history log as required:
- When: To filter by the time when the change was made
- Who: To filter by the user that made the change
- Text: To filter by the description of the action done
The history log can also be viewed by clicking the History option on the header, under the three dots icon. This opens a pop-up window that captures only changes to access and refresh tokens.
The following filters are available for users to view the history log as required:
- When: To filter by the time when the change was made
- Who: To filter by the user that made the change
- Text: To filter by the description of the action done
Users can request a new access token using the endpoint https://<app-url>/resources/oauth/token, with the grant type request header set to client credentials and the generated client ID and client secret passed in the request header or the request body.
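The following Python is added here as an example and is not the product's own client code. It builds the client-credentials request against that endpoint in both forms the page allows (credentials in an HTTP Basic Authorization header, or in the request body) and parses a constructed JSON token response. It assumes the endpoint follows the standard OAuth 2.0 form encoding (`grant_type=client_credentials`, a JSON reply with `access_token` and `expires_in`); the page does not spell out parameter names, so verify them against the deployment. The request is constructed but not sent, so the block runs offline.

```python
import base64
import json
import urllib.parse
import urllib.request

# Endpoint pattern from the page; <app-url> is a placeholder for the deployment's host.
TOKEN_ENDPOINT_PATTERN = "https://<app-url>/resources/oauth/token"


def token_endpoint(app_url: str) -> str:
    """Fill the <app-url> placeholder with the deployment's host name."""
    return TOKEN_ENDPOINT_PATTERN.replace("<app-url>", app_url)


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic credential for the Authorization header. RFC 6749 section
    2.3.1 requires the ID and secret to be form-URL-encoded before joining
    them with ':' and base64-encoding, so a ':' in either value is safe."""
    user = urllib.parse.quote(client_id, safe="")
    password = urllib.parse.quote(client_secret, safe="")
    raw = f"{user}:{password}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(header: str) -> tuple:
    """Inverse of basic_auth_header: what the token endpoint does on receipt."""
    scheme, _, encoded = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(encoded).decode("ascii").partition(":")
    return urllib.parse.unquote(user), urllib.parse.unquote(password)


def build_token_request(endpoint: str, client_id: str, client_secret: str,
                        credentials_in_body: bool = False) -> urllib.request.Request:
    """Build (but do not send) the POST that asks for a new access token."""
    params = {"grant_type": "client_credentials"}
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    if credentials_in_body:
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    else:
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    body = urllib.parse.urlencode(params).encode("ascii")
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def parse_token_response(payload: bytes) -> dict:
    """Extract the fields a caller needs from the JSON token reply.
    expires_in is the access token lifetime in seconds."""
    data = json.loads(payload)
    if "access_token" not in data:
        raise ValueError(f"token request failed: {data.get('error', 'no access_token')}")
    return {
        "access_token": data["access_token"],
        "token_type": data.get("token_type", "Bearer"),
        "expires_in": int(data.get("expires_in", 0)),
        "refresh_token": data.get("refresh_token"),
    }


# Constructed sample reply, shaped like a standard OAuth 2.0 token response.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "sample-access-token",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "sample-refresh-token",
}).encode("ascii")


if __name__ == "__main__":
    req = build_token_request(token_endpoint("example.invalid"), "reporting-service", "s3cret")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data)
    # Sending it would be: with urllib.request.urlopen(req) as resp: parse_token_response(resp.read())
    print(parse_token_response(SAMPLE_RESPONSE))
```

Prefer the header form where the deployment accepts it: the secret then never lands in a form body that intermediaries or request logs might retain, and the URL-encoding step in `basic_auth_header` is the detail most hand-rolled clients get wrong when a secret contains reserved characters.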