OAuth Profile

An OAuth Profile holds the OAuth-related parameters, such as the application credentials and the Authorization and Access Token URLs, that are used to get the access token from the API provider.

Follow the steps below to create an OAuth Profile:

  1. Click Configure > ACCOUNTS > OAuth Profile.
  2. Click Create OAuth Profile.
  3. On the Create OAuth Profile screen, provide the name of the new OAuth Profile in the Provide a name for this OAuth profile field.



  4. Enter the values in each field of Access Information.

    Field Name

    Description

    OAuth Version

    The protocol version to use to connect with your OAuth provider.

    OAuth Grant Type

    The way the application should interact with your OAuth provider to obtain an access token.

    Client Identifier

    The client identifier issued to the client during the application registration process.

    Client Secret

    The client secret issued to the client during the application registration process.

    Authorization URL

    The endpoint for authorization server.

    Access Token URL

    The endpoint for authentication server.

    Scope

    The scope of the access request. The access token issued to the application will be limited to the scopes granted.

    Callback URL

    The callback URL that you will be redirected to after the application is authorized. Use this URL for the Callback URL/Redirect URI fields during the app registration process.

    Select Project

    Select the project from the Select Project drop-down list.

    You can also use HashiCorp Vault to fetch the following secrets for OAuth Profile:

    Important

    The supported OAuth Version to use HashiCorp Vault is 2.0.


    • Client Secret (For Authorization Code, Client Credential, and Resource Owner Credentials OAuth Grant Types)
    • User Name and Password (For Resource Owner Credentials OAuth Grant Type)

    Each secret is maintained as a key-value pair in HashiCorp Vault. Select the checkbox to use Vault to fetch secrets for the fields. Enter the variable in the following format in the field:

     ${Vault:<Key1>}

    Where <Key1> is the key in HashiCorp Vault that is defined for the field.

    For example, you need to enter ${Vault:Project.ClientSecret} in the Client Secret field, if you have defined Project.ClientSecret as the key for this field in the Vault.


    For more details refer to this page.

  5. Expand Other Settings to view the advanced properties of OAuth Profile.



    Field Name

    Description

    Authorization Request Query Parameters

    The parameters (other than standard OAuth parameters) to be sent in the authorization requests. Specify a comma-separated list of key-value pairs, for example param1=value1,param2=value2.

    Authorization Request Headers

    The headers (other than standard OAuth headers) to be sent in the authorization requests. Specify a comma-separated list of key-value pairs, for example param1=value1,param2=value2.

    Access Token Request Query Parameters

    Enter the Access Token Request Query Parameter.

    The parameters (other than standard OAuth parameters) to be sent in the access token requests. Specify a comma-separated list of key-value pairs, for example param1=value1,param2=value2.

    Access Token Request Headers

    The headers (other than standard OAuth headers) to be sent in the access token requests. Specify a comma-separated list of key-value pairs, for example param1=value1,param2=value2.

    Access Token Key Name in Token Response

    The key name to use while extracting the access token from the token response.

    Refresh Token Key Name in Token Response

    The key name to use while extracting the refresh token from the token response.

    Token Response Body Parameters to be fetched

    The extra parameters to be captured from token response.

    Token Response Query Parameters to be fetched

    The extra parameters to be captured from token response query parameters.

    Send Access Token as

    Specify how the access token is to be sent in requests. The token can be sent as a header or as a query parameter.

    Access Token Key Name in API request

    The token key name to be sent in API requests. For example, the value AUTH_TOKEN will be sent as AUTH_TOKEN: Bearer XXXXXXXX (when sent as a header) or as AUTH_TOKEN=XXXXXXXX (when sent as a query parameter).

    Access Token Type in API request

    The token type to be sent in API requests. For example, the value Bearer will be sent as: Authorization: Bearer XXXXXXXX.

  6. Click Save.

Important

If you edit an OAuth Profile of the Authorization Code Grant or Implicit Grant type, the associated OAuth Account will no longer work. You need to create a fresh OAuth Account to associate with the updated OAuth Profile.
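
The ${Vault:<Key1>} format and the OAuth version and grant type conditions from step 4 can be checked before a profile is saved. The Python sketch below is an added example, not code from the product: the profile dictionary shape, its field names and the issue labels are hypothetical, and treating a typed-in secret as a finding is an assumed policy.

```python
import re

# Placeholder format from step 4: ${Vault:<Key1>}
VAULT_REF = re.compile(r"\$\{Vault:([^{}\s]+)\}")

# Grant types for which the page lists each field as Vault-backed.
VAULT_FIELDS = {
    "client_secret": {"Authorization Code", "Client Credential",
                      "Resource Owner Credentials"},
    "user_name": {"Resource Owner Credentials"},
    "password": {"Resource Owner Credentials"},
}


def vault_key(value):
    """Return the key inside a well-formed ${Vault:<Key>} value, else None."""
    match = VAULT_REF.fullmatch(value.strip())
    return match.group(1) if match else None


def lint_profile(profile):
    """Return (field, issue) findings for a profile dict (hypothetical shape)."""
    findings = []
    for field, grants in VAULT_FIELDS.items():
        value = profile.get(field, "")
        if not value:
            continue
        if vault_key(value) is None:
            # Assumed policy: secrets are never typed into the profile itself.
            issue = "malformed-reference" if "${" in value else "literal-secret"
            findings.append((field, issue))
        elif profile.get("oauth_version") != "2.0":
            findings.append((field, "vault-needs-oauth-2.0"))
        elif profile.get("grant_type") not in grants:
            findings.append((field, "vault-not-listed-for-grant"))
    return findings


# Constructed sample profiles; none of these values come from a real system.
GOOD = {"oauth_version": "2.0", "grant_type": "Authorization Code",
        "client_secret": "${Vault:Project.ClientSecret}"}
BAD = {"oauth_version": "1.0", "grant_type": "Client Credential",
       "client_secret": "${Vault:Project.ClientSecret}",
       "user_name": "svc-account", "password": "${Vault Project.Pw}"}

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_profile(profile))
```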