OAuth Clients

Introduction

The OAuth Client is used to integrate with an external application registered with an authentication server such as Azure AD or Google. The OAuth Client will be referenced by one or more Email Connections and will be used to obtain an access token and refresh the access token when it expires.

Creating OAuth Client Records

Step 1

From the Agents & Connections navigation pane, select System > OAuth Clients. The OAuth Client list displays.
 
Below the list, OAuth Client Details for a new OAuth Client record displays.
 

Step 2

Enter / select Details for a new OAuth Client, using the field descriptions below as a guide.

  • Required fields display an asterisk ( * ) after the field name.
  • Default values for fields, if available, display automatically.
To display more of the Details fields on the screen, you can either:
  • Use the scroll bar.
  • Temporarily hide the list above the Details.
  • Click the New button above the list to display a pop-up version of the Details.

Step 3

Click a Save button. The OAuth Client record is added to the database, and all buttons and tabs in the OAuth Client Details are enabled.

Note

To open an existing record on the list, either:

  • Click a record in the list to display its record Details below the list. (To clear record Details below the list, click the New button that displays above and below the Details.)
  • Click the Details icon next to a record name in the list, or right-click a record in the list and then click Open in the Action menu that displays, to display a pop-up version of the record Details.
  • Right-click a record in the list, or open a record and right-click in the record Details, and then click Open In Tab in the Action menu that displays, to display the record Details under a new tab on the record list page (see Record Details as Tabs).

OAuth Client Details

The following OAuth Client Details is for an existing OAuth Client. See the field descriptions, below, for a description of all fields that display in the OAuth Client Details.


For information on how to access additional details - such as Metadata and complete database Details - for OAuth Clients (or any type of record), see Records.

OAuth Client Details Field Descriptions

The following table describes the fields, buttons, and tabs that display in the OAuth Client Details.
 

Field Name

Description

General 

This section contains detailed information about the OAuth Client.

Name

Name used within the Controller to identify this resource. Up to 40 alphanumerics. It is the responsibility of the user to develop a workable naming scheme for resources.

Description

Description of this record. Maximum length is 255 characters.

Member of Business Services

User-defined; allows you to select one or more Business Services that this record belongs to. (You also can Check All or Uncheck All Business Services for this record.)

You can select up to 62 Business Services for any record type, and enter a maximum of 2048 characters for each Business Service.

If the Business Service Visibility Restricted Universal Controller system property is set to true, depending on your assigned (or inherited) Permissions or Roles, Business Services available for selection may be restricted.

OAuth Client Details 


Provider

Authorization server provider. 

Options: 

  • Azure AD
  • Google

Azure AD or Google will automatically populate the Authorization Endpoint and Token Endpoint fields.

The Provider cannot be changed after the OAuth Client is created.

The URL that the user will be redirected to after authorizing the Universal Controller application. Redirect URLs are specified as '<Universal Controller Base URL>/oauth2/callback'.

For example, 'https://example.stone.branch/uc/oauth2/callback'. The Universal Controller will extract the authorization code from the request and exchange it for an access token.

The redirect URLs need to match the ones used when registering the Universal Controller application with the authorization server.

Authorization Endpoint

Authorization endpoint for the authorization server. This is used by Universal Controller to obtain a temporary authorization code. Read only. 

Token Endpoint

Token endpoint for the authorization server. This is used by Universal Controller to exchange the temporary authorization code for an access token. It is also used by Universal Controller to refresh the access token once it expires. Read only.

Tenant ID

If Provider is Azure AD; the tenant identifier. If not specified, defaults to common.

Client ID

Client identifier. This is issued by the authorization server when registering the Universal Controller application.

Client Secret

Client secret. This is issued by the authorization server when registering the Universal Controller application.

Scopes

The list of scopes to request access to.

If Provider is Azure AD, use the following scopes: offline_access and https://outlook.office.com/IMAP.AccessAsUser.All and/or https://outlook.office.com/SMTP.Send

The offline_access scope will be used even if it's not specified explicitly, as this is required to obtain a refresh token.

If Provider is Google, use the following scope: https://mail.google.com/

Metadata

This section contains Metadata information about this record.

UUID

Universally Unique Identifier of this record.

Updated By

Name of the user that last updated this record.

Updated

Date and time that this record was last updated.

Created By

Name of the user that created this record.

Created

Date and time that this record was created.

Buttons

This section identifies the buttons displayed above and below the OAuth Client Details that let you perform various actions.

Save

Saves a new record in the Controller database.

Save & New

Saves a new OAuth Client record in the Controller database and redisplays empty Details so that you can create another new record.

New

Displays empty (except for default values) Details for creating a new record.

Update

Saves updates to the record.

Delete

Deletes the current record.

Refresh

Refreshes any dynamic data displayed in the Details.

Close

For pop-up view only; closes the pop-up view of this record.

Tabs

This section identifies the tabs across the top of the OAuth Client Details that provide access to additional information about the OAuth Client.

Email Connections 

Lists all Email Connections that reference this OAuth Client. Click the Details icon to view full email connection record. 

Versions

Lists all versions of this OAuth Client. Click the Details icon to view full version record. 
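The following added example (not Universal Controller code) shows how the Azure AD fields described above fit together in the OAuth 2.0 authorization code flow: the authorization request, the check of the callback against the registered redirect URL, and the token exchange. The dictionary keys, the function names, the `state` parameter (standard OAuth 2.0, not described on this page) and the use of Microsoft's published v2.0 endpoints are assumptions of the example.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Microsoft's published v2.0 endpoints; that the Controller populates exactly
# these values is an assumption of this example.
AZURE_BASE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/"

# Constructed record; keys mirror the Details fields but are hypothetical names.
SAMPLE_CLIENT = {
    "tenant_id": "",  # blank, so "common" is used
    "client_id": "00000000-0000-0000-0000-000000000000",
    "client_secret": "constructed-secret",
    "redirect_url": "https://example.stone.branch/uc/oauth2/callback",
    "scopes": ["https://outlook.office.com/IMAP.AccessAsUser.All"],
}

def endpoint(client, name):
    """Return the 'authorize' or 'token' endpoint for the client's tenant."""
    return AZURE_BASE.format(tenant=client["tenant_id"] or "common") + name

def effective_scopes(client):
    """offline_access is always requested so that a refresh token is issued."""
    return ["offline_access"] + [s for s in client["scopes"] if s != "offline_access"]

def authorization_url(client, state):
    """URL the user's browser is sent to; state ties the callback to this request."""
    params = {
        "response_type": "code",
        "client_id": client["client_id"],
        "redirect_uri": client["redirect_url"],
        "scope": " ".join(effective_scopes(client)),
        "state": state,
    }
    return endpoint(client, "authorize") + "?" + urlencode(params)

def token_request(client, callback_url, expected_state):
    """Validate the callback, then return (token endpoint, form) for the code exchange."""
    got, want = urlparse(callback_url), urlparse(client["redirect_url"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URL")
    query = parse_qs(got.query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    form = {"grant_type": "authorization_code", "code": query["code"][0],
            "redirect_uri": client["redirect_url"],
            "client_id": client["client_id"],
            "client_secret": client["client_secret"]}
    return endpoint(client, "token"), form
```

The `redirect_uri` sent in the token exchange is the same value used in the authorization request, which is why it has to match the URL registered with the authorization server.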


Creating an Email Connection

From the Email Connections tab, you can create a new Email Connection that references this OAuth Client by clicking the icon to display details for a new Email Connection record.