Access Token for OAuth 2.0

Configure an access token to connect to a REST service that uses a custom OAuth 2.0 authorization scheme or an OAuth 2.0 authentication scheme from a third-party provider. For example, this access token can be used to call a method from a REST API that uses OAuth 2.0 authorization.

Figure: OAuth 2.0 Access Token Configuration screen

OAuth 2.0 Access Token Configuration screen

Background and Setup

Prerequisites

  • A REST service that uses a custom OAuth 2.0 authorization scheme or an OAuth 2.0 authorization scheme from a third-party provider. Some additional documentation or tools for software developers or administrators may be required to get some of the necessary credentials — for example, the OAuth 2.0 access token that is generated by an external system. There are many possible ways to create and configure an OAuth 2.0 authentication scheme. The AgilePoint Product Documentation does not provide information about how to retrieve the necessary credentials from your system.
  • AgilePoint NX OnDemand (public cloud), or AgilePoint NX Private Cloud or AgilePoint NX OnPremises v8.0 or higher.

Good to Know

  • In most cases, you can use a global access token or an app level access token:
    • Global access tokens are shared across all users and apps. If you want all process designers and runtime app users in your AgilePoint NX tenant to be able to connect to an external data source, use a global access token. An example is a SharePoint site on an intranet that all employees in a company can access.
    • Application level access tokens are shared with all processes in a process-based app, or restricted to use within a form-based app. Use application level access tokens if only process designers or runtime app users for a particular application should access an external system — for example, a Google Drive account that is only used to share files within a small team.
  • Access tokens are collections of credentials that are used to authenticate communication directly between AgilePoint NX and an external system. Because it is the AgilePoint NX system that uses these credentials, rather than an app, there is no difference between design time and runtime access tokens. Access tokens are never checked in or published, and they do not use version control. If you change an access token in the App Builder or Manage Center, the access token changes immediately everywhere the access token is used. Changes to app level access tokens apply to all versions of an app, including running application instances. Changes to global access tokens apply everywhere they are used in AgilePoint NX. You can not roll back an access token to a previous version.

    For more information, refer to What Data Is Deleted When I Delete an App or Application Resource?

  • If you need help configuring this access token, contact AgilePoint Professional Services.
  • This screen may look different in different places. The UI varies for this screen depending upon how you open it. However, the fields for this screen are the same in all places.
  • Some information about third-party integrations is outside the scope of the AgilePoint NX Product Documentation. It is the responsibility of the vendors who create and maintain these technologies to provide this information. This includes specific business use cases and examples; explanations for third-party concepts; details about the data models and input and output data formats for third-party technologies; and various types of IDs, URL patterns, connection string formats, or other technical information that is specific to the third-party technologies. For more information, refer to Where Can I Find Information and Examples for Third-Party Integrations?

Fields

Field Name Definition

Token Name

Function:
Specifies the unique name for your connection to your REST service.
Accepted Values:
A text string that can have letters, numbers, and spaces.
Default Value:
None
Example:
This is a common configuration field that is used in many examples. Refer to:
  • Examples - Step-by-step use case examples, information about what types of examples are provided in the AgilePoint NX Product Documentation, and other resources where you can find more examples.

Description

Function:
A description for your access token.
Accepted Values:
More than one line of text.
Default Value:
None
Example:
This is a common configuration field that is used in many examples. Refer to:
  • Examples - Step-by-step use case examples, information about what types of examples are provided in the AgilePoint NX Product Documentation, and other resources where you can find more examples.

Grant Type

Function:
Specifies the grant type used to connect to your REST service.
Accepted Values:
  • Authorization Code - Uses an authorization code to connect to your REST service.
  • Client Credentials - Uses token-based authentication to connect to your REST service.
  • Password Credentials - Uses a user name and password to connect to your REST service.
Default Value:
Authorization Code

Redirect URL

Function:
Specifies the callback URL from the connected application.
To Open this Field:
  1. On the OAuth 2.0 Access Token screen, in the Grant Type field, click Authorization Code.
Accepted Values:
A string in URL format.
Default Value:
https://mysite.com/manage/shared/success.html

Authorization URL

Function:
Specifies the authorization URL for your REST service to retrieve an authorization code.

The authorization URL is part of your REST service. For more information, refer to the documentation or other resources for developers or administrators for your REST service.

To Open this Field:
  1. On the OAuth 2.0 Access Token screen, in the Grant Type field, click Authorization Code.
Accepted Values:
The authorization URL for your REST service.
Default Value:
None
Example:
https://authorization-server.com/oauth/authorize

Access Token URL

Function:
Specifies the token endpoint URL for your REST service to retrieve the OAuth 2.0 access token.

The access token URL is part of your REST service. For more information, refer to the documentation or other resources for software developers or administrators for your REST service.

Accepted Values:
The access token URL for your REST service.
Default Value:
None
Example:
https://authorization-server.com/oauth2/token

Client ID

Function:
Specifies the client ID of the app you created or added in your REST service.
Accepted Values:
A string with letters and numbers.
Default Value:
None

Client Secret ID

Function:
Specifies your client secret ID of the app you created or added in your REST service.
Accepted Values:
A string with letters and numbers.
Default Value:
None

Scope

Function:
Specifies the permissions for this access token, which limits access for to your REST service for an AgilePoint NX app.

If this field is blank, an app that uses this access token has all permissions for your REST service.

Accepted Values:
One or more permission names separated by spaces.
Default Value:
None
Example:
Read Write

State

Function:
Specifies a unique, secret value for the state to send in a request URL to authenticate the authorization request.

The state value is used to prevent cross-site request forgery (CSRF) attacks.

To Open this Field:
  1. On the OAuth 2.0 Access Token screen, in the Grant Type field, click Authorization Code.
Accepted Values:
An alphanumeric string with no spaces.
Default Value:
None
Example:
KMDTSU1590549

User Name

Function:
Specifies the user name for your REST service.
To Open this Field:
  1. On the OAuth 2.0 Access Token screen, in the Grant Type field, click Password Credentials.
Accepted Values:
The user name for your Rest service.
Default Value:
None
Accepts Process Data Variables:
No

Password

Function:
The password for the authentication account.
To Open this Field:
  1. On the OAuth 2.0 Access Token screen, in the Grant Type field, click Password Credentials.
Accepted Values:
An alphanumeric string that represents a password.
Default Value:
None
Accepts Process Data Variables:
No

Client Authentication

Function:
Specifies how to send the Client ID and Client Secret ID to authenticate.
Accepted Values:
  • Send as Basic Auth header - You can send the Client ID and Client Secret ID as a base64 encoded string in the HTTP authorization header.
  • Send client credentials in body - You can send the Client ID and Client Secret ID in the request body.
Default Value:
Send as Basic Auth header

OAuth 2.0 Access Token

Function:
Specifies an OAuth 2.0 access token from your REST service.
Accepted Values:
An OAuth 2.0 access token.

This value comes from your REST service.

Default Value:
None.

Get OAuth 2.0 Access Token

Function:
Sends a request to the REST service to get the OAuth 2.0 access token.

To complete this process, you must sign in to your REST service, and specify your consent when prompted. For more information, refer to the documentation or other resources for software developers or administrators for your REST service.

Renewal Rate

Function:
Specifies how frequently to renew your application's access token.
Accepted Values:
  • Disabled
  • Every 15 minutes
  • Every half an hour
  • Every hour
Default Value:
Every hour