Credentials in Mapping Functions
Earlier in this documentation, you have seen an introduction to Credentials. Recall that it is possible to create credentials not only in FlowForce Server, but also at mapping design time, in MapForce.
When you deploy a mapping containing credentials from MapForce to FlowForce Server, the credentials are deployed to the server as well. The deployed information will contain only the fields that you filled in when creating the credential record. For example, this may be an empty credential (if you chose to store only the credential name) or a credential object that contains both the username and password.
You can also deploy credential objects from MapForce to FlowForce Server as standalone objects, separately from the main mapping. You can choose directly from MapForce the target container where they should be deployed. For more information, refer to MapForce documentation (https://www.altova.com/documentation).
The following fields are considered sensitive data:
•Password (for credentials of type "Password")
•Client Secret, Access Token, and Refresh Token (for credentials of type "OAuth 2.0")
The sensitive data will be deployed only if you selected the Include in MapForce Server Execution File and Mapping Deployment check box at mapping design time in MapForce. This applies both when you deploy the mapping and when you deploy the standalone credentials.
In FlowForce Server, you can see whether a mapping function needs credentials by opening the page of the respective mapping function, for example:
If you selected the Include in MapForce Server Execution File and Mapping Deployment check box when creating the credential, then the job will use the credentials deployed together with the mapping. In this case, you don't need to specify them from the job configuration page. For example, the following execution step will run the mapping function with the stored credentials if such exist (notice that the "my.credentials" parameter is not expanded):
You can always override the stored credentials with any other credential object that was defined directly in FlowForce Server, or with some local credentials. To do this, click the "+" button and either select a credential object that already exists in FlowForce Server, or enter the username and password directly, for example:
The credentials supplied as parameter to the execution step take precedence over credentials stored inside the mapping function.
If you did not select the Include in MapForce Server Execution File and Mapping Deployment check box when creating the credential in MapForce, it is mandatory to supply credentials as parameters to the execution step; otherwise, the job execution will fail.
In case of mapping functions that require OAuth 2.0 authorization, the access token may expire or be revoked by the Web service provider at any time. When this happens, FlowForce Server attempts to acquire a new one automatically while the job instance runs. If multiple running jobs use the same credential and if the runtime factors allow it, FlowForce Server will refresh the access token in a centralized manner and synchronize all the affected job instances accordingly.