OAuth 2.0 Configuration Parameters

The parameters listed on this page pertain to OAuth 2.0 configuration. You can use OAuth 2.0 authentication where access tokens are used to authenticate a connection. Access tokens are generated based on the selected grant type. The connector can use generated tokens. When configuring OAuth 2.0 authentication, you must configure parameters relevant to OAuth 2.0 (Client ID, Client Secret, Token URL, and Refresh Token).

Note
If you select Client Credentials or Refresh Token as your grant type additional configuration of OAuth 2.0 authentication is available with more parameters in the Request body. For information on configuring optional parameters, refer to Additional OAuth 2.0 Authentication Configuration Parameters.

Authorization grant to be used to obtain an access token. Select from the following grant types:

  • Refresh Token (default) – This grant type is used by clients in order to exchange a refresh token for a new access token when the existing access token has expired. This allows to get a new session when the current session expires, without having to re-authenticate as frequently. This grant type is commonly used together with Authorization Code to prevent a user from having to log in several times per day.

  • Client Credentials – The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.

  • JWT – A JWT (JSON Web Token) securely authenticates the connection to an external application to perform operations as required. A JWT contains encoded JSON objects, and is signed using a signing algorithm to ensure that the claims cannot be altered after the token is issued. These tokens have a specific structure consisting of a header, payload, and signature.

  • Password – The Password grant type is a way to exchange a user's credentials for an access token. Although this type is supported, it is considered less secure than other grant types.

Note
Attributes marked with * are mandatory attributes.

Refresh Token

The parameters listed below are required when you select the Refresh Token grant type.

URL for generating access token

Client ID for OAuth 2.0 authentication. The client identifier issued to the client during the registration process for OAuth 2.0 on the SCIM 2.0 server.

The client secret pertaining to the provided Client ID.

The refresh token provided by the application used to generate an access token.

Client Credentials

The parameters listed below are required when you select the Client Credentials grant type.

URL for generating access token

Client ID for OAuth 2.0 authentication. The client identifier issued to the client during the registration process for OAuth 2.0 on the SCIM 2.0 server.

The client secret pertaining to the provided Client ID.

JWT

The parameters listed below are required when you select the JWT grant type.

URL for generating access token

If required, additional headers in JSON format can be added. The header consist of the type of the token (JWT), and the signing algorithm being used.

For example:

Copy 
{
    "typ" : "JWT",
    "alg" : "RS256"
    }

JWT issuer for authorization.

JWT subject for authorization.

JWT audience for authorization (Recipient for which the JWT is intended).

Accepts additional body parameters in JSON format as follows:

Copy 
{
"client_id":"xxxxx",
"client_secret":"xxxxx"
}

If additional payload is already set and you want to set it to empty then remove it from the application debug page.

The private key to be used to sign the JWT.

Password for the provided private key.

Password

The parameters listed below are required when you select the Password grant type.

URL for generating access token

Username to be used for OAuth2 authentication.

Password to be used for OAuth2 authentication.

Accepts additional body parameters in JSON format as follows:

Copy 
{
"client_id":"xxxxx",
"client_secret":"xxxxx"
}

If additional payload is already set and you want to set it to empty then remove it from the application debug page.