Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Integration Cloud | Settings | OAuth 2.0 | Registering Clients
 
Registering Clients
Before a client can request access to a protected resource, it should register with Integration Cloud. When you register a client, you identify the client as a confidential client or a public client, select the grant types the client can use, and specify the token expiration and refresh information. The Client Registration page lists the clients registered with Integration Cloud.
See About OAuth 2.0 for information on the high-level steps for configuring OAuth 2.0.
Note:
When you delete a client, Integration Cloud also deletes all the access tokens and refresh tokens for the client. When you deactivate a client by clearing the Active option while updating the client, all the access tokens and refresh tokens for the client become invalid. You can activate a deactivated client.
Note:
Users who have the Access Control permission under Settings > Access Profiles > Administrative Permissions > User and Ownership Controls can create, edit, and delete clients.
*To add a Client
1. From the Integration Cloud navigation bar, go to Settings > OAuth 2.0 > Client Registration > Add New Client.
2. On the Add New Client page, complete the following fields. Required fields are marked with an asterisk on the screen.
Field
Description
Name
Type the name of the client. You cannot create clients with the same Name and Version combination. You cannot modify the client name after the client is saved. Client names are not case-sensitive.
Description
Type a description of the client.
Client ID
The Client ID field appears only when you update a client. This is a client identifier issued to the client to identify itself to the authorization server, and is used while generating tokens.
Client Secret
The Client Secret field appears only when you update a client. This is a secret matching to the client identifier and is used while generating tokens. It will not be generated if the Client Type is Public.
Authorization Endpoint
View the authorization URL that has to be provided while generating tokens. See the Generating Tokens section for more information.
Token Endpoint
View the Access Token URL that has to be provided while generating tokens. See the Generating Tokens section for more information.
Refresh Token Endpoint
View the Refresh Token URL that has to be provided while refreshing Access Tokens. See the Refreshing Access Tokens Using Refresh Tokens section for more information.
Version
Type the version number of the client. You cannot create clients with the same Name and Version combination.
Type
Select the type of the client according to its ability to communicate with Integration Cloud.
Confidential - Select Confidential when the OAuth session uses the following grants:
*Authorization Code Grant
*Client Credentials Grant
*Resource Owner Password Credentials Grant
This client is capable of maintaining secure client authentications. When you select client type as Confidential, Integration Cloud generates a client secret. This client secret will be required by Integration Cloud when the client makes requests to the OAuth services.
Public - Select Public when the OAuth session uses the Implicit Grant type. This client is not capable of maintaining secure client authentications.
Redirection URLs
Specify the URLs that Integration Cloud will use to redirect the resource owner's browser during the grant process.
You can add more than one redirection URL.
If you select the Authorization Code Grant or the Implicit Grant types, you must enter at least one Redirection URL for the client.
Allowed Grants
Select the type of grant flow required by the client.
Expiration Interval
Select the length of time (in seconds) that the access token is valid.
Never Expires - Indicates that the access token never expires. The Token Management page displays Lifetime for that token.
Expires In - Specify the number of seconds the access token is valid.
Refresh Count
Select the number of times the access token can be refreshed.
Unlimited - Refresh the access token an unlimited number of times using the refresh token. The Token Management page displays Unlimited for that refresh token.
Limited - Specify the number of times to refresh the access token. The Token Management page will display the Refresh Count for that refresh token. If you specify 0 or leave the field empty, a refresh token will not be issued.
Note:
Tokens can be refreshed only when using the Authorization Code Grant flow.
Active
This option appears only when you update a client. Clear this option to deactivate the client. When you deactivate a client, all the access tokens and refresh tokens for the client become invalid.
3. Click Add to add the client in the Client Registration page.
4. On the Client Registration page, if you want to associate scopes with a client, select a client and then click Associate Scopes. The Associate Scopes with <ClientName(Version)> page appears. The Associate Scopes with <ClientName(Version)> page displays the already associated scopes with the selected client.
a. On the Associate Scopes with <ClientName(Version)> page, to associate existing scopes with the client, select Associate Existing Scopes.
b. On the Select Scopes to Associate dialog box, select the existing scopes to associate with the client and then select Associate Scopes. The newly associated scopes will appear in the Associate Scopes with <ClientName(Version)> page.
c. To create a new scope and associate it with the selected client, select Associate New Scope. Create the new scope as described in the Managing Scopes section. The new scope will be associated with the selected client.
d. To disassociate a scope from a client, select the scope on the Associate Scopes with <ClientName(Version)> page and then click Disassociate.