OAuth servers

OAuth server for a branch

menu Integration & AI > OAuth servers

OAuth 2.0 is the industry-standard protocol for authorization. It can be used to connect to other applications like Google, Facebook, GitHub, etc.

The OAuth servers created here can be used in process flows to give HTTP connectors a secure connection.

  1. In the group Authentication, you can specify the following options:

    • Client - The public Client ID.

    • Client secret - A string used by the OAuth client to authenticate to the authorization server. It is essentially the application's password and must be sufficiently random.

    • Send client credentials - By default, client credentials are sent In the request body, which most OAuth servers support. Basic Auth, however, is supported by all OAuth servers, so you can also send the client credentials As Basic Auth header.

    • Require PKCE - Only clear this checkbox if the OAuth server does not support PKCE (Proof Key for Code Exchange). PKCE is a security feature to prevent CSRF and authorization code injection attacks.

      tip

      With a 3-tier Software Factory in the Universal GUI, you can store key values encrypted. See Encryption for a branch.

  2. The settings in the group User login are only for the OAuth user login connector that uses this server:

    • Request refresh token - Request an additional token to allow refreshing the access token when it expires.
    • Prompt - Specifies how the user is prompted for authentication:
      • Consent - opens a consent dialog after the user signs in, asking the user to grant permissions.
      • Login - forces the user to enter their credentials, negating single sign-on.
      • Select account - sends the user to an account picker where all accounts remembered in the session will appear.
      • None - does not present any interactive prompt to the user. If the request cannot be completed silently via single sign-on, an error is returned.
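
What the Send client credentials and Require PKCE options change on the wire during the authorization-code token exchange, as an added Python example (not Thinkwise code). All function names, the client values and the redirect URI are hypothetical; the encodings follow RFC 6749 and RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import quote_plus, urlencode

def s256(verifier):
    """PKCE S256 transform: BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    """Return (code_verifier, code_challenge); the verifier never leaves the client
    until the token request, the challenge goes into the authorization request."""
    verifier = secrets.token_urlsafe(32)  # 32 random bytes -> 43 URL-safe characters
    return verifier, s256(verifier)

def token_request(client_id, client_secret, code, redirect_uri, verifier, as_basic_header):
    """Build (headers, form body) for the token endpoint in either credential mode."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "code_verifier": verifier}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if as_basic_header:
        # "As Basic Auth header": form-encode each part, join with ':', then base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # "In the request body": credentials travel as ordinary form fields.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)

def server_accepts(stored_challenge, presented_verifier):
    """Server-side PKCE check: the code is only redeemable by whoever holds the
    verifier that matches the challenge stored with the authorization code."""
    return secrets.compare_digest(stored_challenge, s256(presented_verifier))

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    verifier, challenge = make_pkce_pair()
    for basic in (False, True):
        headers, body = token_request("demo-client", "s3cr3t", "constructed-code",
                                      "https://app.example/callback", verifier, basic)
        print("Basic header" if basic else "Request body", headers, body, sep="\n  ")
    print("verifier matches challenge:", server_accepts(challenge, verifier))
    print("injected code, wrong verifier:", server_accepts(challenge, "x" * 43))
```

In both modes the client secret is only base64- or form-encoded, not encrypted, so the token endpoint must be reached over TLS.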

Override OAuth server settings

  • To override these settings for a specific runtime configuration (for development and testing): menu Maintenance > Runtime configurations > tab OAuth servers. See Runtime configurations for more information.
  • To override these settings for an application in IAM: menu Authorization > Applications > tab OAuth servers. See OAuth servers settings in IAM.