OAuth 2.0 Credentials
In addition to credentials of type password, you can also create credential objects that are OAuth 2.0 authorization details. You can use OAuth 2.0 credentials in FlowForce Server jobs that call Web services where OAuth 2.0 authentication is required.
You can create OAuth credentials in the same way as password credentials, see Defining Credentials. Like with other FlowForce Server objects, users can view or access OAuth credentials only if they have the corresponding permissions, see How Permissions Work.
The fields associated with an OAuth 2.0 credential object are listed below. To obtain these values, you must first register with the Web service provider (for example, Google API Console, Facebook API, Bitbucket API, and so on).
Redirect URI | Specifies the URI where the authorization server will send responses to FlowForce Server (tokens or errors). This field is filled automatically by FlowForce Server. |
Authorization Endpoint | Specifies the URI from where FlowForce Server initiates authorization flows. You can obtain this value after registering with the Web service provider. |
Token Endpoint | Specifies the URI from where FlowForce Server initiates token flows. You can obtain this value after registering with the Web service provider. |
Client ID | The identifier of the client application (FlowForce Server, in this case). You can obtain this value after registering with the Web service provider. |
Client secret | The secret associated with the client application. You can obtain this value after registering with the Web service provider. |
Scope | The scope of the client application, if required by the provider. You can obtain this value after registering with the Web service provider. |
Token Endpoint Authentication | Most OAuth 2.0 authorization servers require that the authorization details be submitted in the POST request header. This is also the value selected by default from the drop-down list.
Some OAuth 2.0 authorization servers accept the authentication details only in the body of the POST request. For such authorization servers, select the value in POST request body from the drop-down list. |
Access token | This is the access token returned by the authorization server. The FlowForce Server job will execute successfully only if the resource server determines that the access token is correct and valid.
To obtain this value manually the first time when you create the OAuth credential, fill all the other fields (except Refresh token), and then click Authorize and Save.
This token expires after a period of time set by the Web service provider. If the token has expired, FlowForce Server will request a new one from the authorization server, using the Refresh token value. |
Refresh token | This is the refresh token returned by the authorization server. It is required when the Access token expires (see above). In rare cases when the access token never expires, this is not necessary. |
The Allow usage for... check boxes apply to all credential kinds in FlowForce, not just OAuth 2.0. They have the same meaning as described previously for password credentials. For an OAuth 2.0 credential that you plan to use for HTTP, make sure that the Allow usage for HTTP check box is selected. Otherwise, the job will fail with a runtime error: "Credential does not support required usage kind" (this message, or one with a similar text, is displayed in the FlowForce log).