OAuth Clients
Introduction
The OAuth Client is used to integrate with an external application registered with an authentication server such as Azure AD or Google. The OAuth Client will be referenced by one or more Email Connections and will be used to obtain an access token and refresh the access token when it expires.
Creating OAuth Client Records
Step 1 | From the Agents & Connections navigation pane, select System > OAuth Clients. The OAuth Client list displays. |
---|---|
Step 2 | Enter / select Details for a new OAuth Client, using the field descriptions below as a guide. To display more of the Details fields on the screen, you can either: |
Step 3 | Click a Save button. The OAuth Client record is added to the database, and all buttons and tabs in the OAuth Client Details are enabled. |
Note
To open an existing record on the list, either:
- Click a record in the list to display its record Details below the list. (To clear record Details below the list, click the New button that displays above and below the Details.)
- Click the Details icon next to a record name in the list, or right-click a record in the list and then click Open in the Action menu that displays, to display a pop-up version of the record Details.
- Right-click a record in a list, or open a record and right-click in the record Details, and then click Open In Tab in the Action menu that displays, to display the record Details under a new tab on the record list page (see Record Details as Tabs).
OAuth Client Details
The following OAuth Client Details is for an existing OAuth Client. See the field descriptions, below, for a description of all fields that display in the OAuth Client Details.
For information on how to access additional details - such as Metadata and complete database Details - for OAuth Clients (or any type of record), see Records.
OAuth Client Details Field Descriptions
The following table describes the fields, buttons, and tabs that display in the OAuth Client Details.
Field Name | Description |
---|---|
General | This section contains detailed information about the OAuth Client. |
Name | Name used within the Controller to identify this resource. Up to 40 alphanumerics. It is the responsibility of the user to develop a workable naming scheme for resources. |
Description | Description of this record. Maximum length is 255 characters. |
Member of Business Services | User-defined; Allows you to select one or more Business Services that this record belongs to. (You also can Check All or Uncheck All Business Services for this record.) You can select up to 62 Business Services for any record type, and enter a maximum of 2048 characters for each Business Service. If the Business Service Visibility Restricted Universal Controller system property is set to true, depending on your assigned (or inherited) Permissions or Roles, Business Services available for selection may be restricted. |
OAuth Client Details | |
Provider | Authorization server provider. Options:
Azure AD or Google will automatically populate the Authorization Endpoint and Token Endpoint fields. The Provider cannot be changed after the OAuth Client is created. |
The URL that the user will be redirected to after authorizing the Universal Controller application. Redirect URLs are specified as For example, 'https://example.stone.branch/uc/oauth2/callback'. The Universal Controller will extract the authorization code from the request and exchange it for an access token. The redirect URLs need to match the ones used when registering the Universal Controller application with the authorization server. | |
Authorization Endpoint | Authorization endpoint for the authorization server. This is used by Universal Controller to obtain a temporary authorization code. Read only. |
Token Endpoint | Token endpoint for the authorization server. This is used by Universal Controller to exchange the temporary authorization code for an access token. It is also used by Universal Controller to refresh the access token once it expires. Read only. |
Tenant ID | If Provider is Azure AD; the tenant identifier. If not specified, defaults to common. |
Client ID | Client identifier. This is issued by the authorization server when registering the Universal Controller application. |
Client Secret | Client secret. This is issued by the authorization server when registering the Universal Controller application. |
Scopes | The list of scopes to request access to. If Provider is Azure AD, use the following scopes: The If Provider is Google, use the following scope: |
Metadata | This section contains Metadata information about this record. |
UUID | Universally Unique Identifier of this record. |
Updated By | Name of the user that last updated this record. |
Updated | Date and time that this record was last updated. |
Created By | Name of the user that created this record. |
Created | Date and time that this record was created. |
Buttons | This section identifies the buttons displayed above and below the OAuth Client Details that let you perform various actions. |
Save | Saves a new record in the Controller database. |
Save & New | Saves a new OAuth Client record in the Controller database and redisplays empty Details so that you can create another new record. |
New | Displays empty (except for default values) Details for creating a new record. |
Update | Saves updates to the record. |
Delete | Deletes the current record. |
Refresh | Refreshes any dynamic data displayed in the Details. |
Close | For pop-up view only; closes the pop-up view of this record. |
Tabs | This section identifies the tabs across the top of the OAuth Client Details that provide access to additional information about the OAuth Client. |
Email Connections | Lists all Email Connections that reference this OAuth Client. Click the Details icon to view full email connection record. |
Versions | Lists all versions of this OAuth Client. Click the Details icon to view full version record. |
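The authorization-code flow that the Redirect URL, Authorization Endpoint, Token Endpoint, Tenant ID, Client ID, Client Secret and Scopes fields describe, as an added example that is not Universal Controller code. Parameter names follow RFC 6749; the Azure endpoint pattern is Microsoft's public v2.0 one and is an assumption about what the Controller populates, and the client, secret, code and scope values are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: Microsoft's public v2.0 endpoint pattern. The page does not list
# the read-only endpoint values the Controller populates.
AZURE_BASE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/{leaf}"
REDIRECT = "https://example.stone.branch/uc/oauth2/callback"  # example from the page

def azure_endpoints(tenant_id=None):
    """Return (authorization, token) endpoints; Tenant ID defaults to common."""
    tenant = tenant_id or "common"
    return (AZURE_BASE.format(tenant=tenant, leaf="authorize"),
            AZURE_BASE.format(tenant=tenant, leaf="token"))

def authorization_url(auth_endpoint, client_id, redirect_url, scopes):
    """Build the URL the user visits to authorize the application."""
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_url, "scope": " ".join(scopes)}
    return auth_endpoint + "?" + urlencode(query)

def code_from_callback(callback_url, registered_redirect_url):
    """Extract the authorization code from the redirect request."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_url)
    # The callback must arrive on exactly the registered redirect URL.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    return params["code"][0]

def token_request(client_id, client_secret, redirect_url, code=None, refresh_token=None):
    """Form body POSTed to the Token Endpoint: code exchange or refresh."""
    body = {"client_id": client_id, "client_secret": client_secret}
    if code is not None:
        body.update(grant_type="authorization_code", code=code, redirect_uri=redirect_url)
    elif refresh_token is not None:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        raise ValueError("need an authorization code or a refresh token")
    return body

if __name__ == "__main__":
    auth, token = azure_endpoints()  # no Tenant ID given, so "common" is used
    print(authorization_url(auth, "constructed-client-id", REDIRECT, ["scope.placeholder"]))
    code = code_from_callback(REDIRECT + "?code=constructed-code", REDIRECT)
    body = token_request("constructed-client-id", "constructed-secret", REDIRECT, code=code)
    print(token, sorted(body))
```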
Creating an Email Connection
From the Email Connections tab, you can create a new Email Connection that references this OAuth Client by clicking the icon to display details for a new Email Connection record.