Build authentication with OAuth 2.0

This is an Early Access feature for existing Workflows users. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

OAuth 2.0 is a protocol that allows you to grant limited access to resources on a third party site without having to expose your credentials to Workflows. Before beginning the OAuth process, you must first register a new application with the service. The Redirect URL for your development environment is listed in the Credentials section of the auth form.

To add OAuth 2.0 authentication:

  1. Click the Overview tab.

  2. Click Set up authentication.

  3. From the Authentication dialog, in the Auth Type dropdown, select OAuth 2.0.

  4. Add values to the following fields:

Field Definition
Paths
Base URL

This is the root url for the service’s authentication endpoints (for example, https://account.box.com/api/oauth2). Any account specific details that get passed along in the URL can be noted using double mustache brackets (for example, https://{{auth.instance}}.service-now.com/api/). The label and key for the bracketed information can be defined in the Auth Fields section below.

Authorize Path The authorization path for the service. For example, authorize.
Token Path The URI where Workflows can exchange an authorization code for access and refresh tokens. For example, /authorize.
Refresh Token Path (Optional) The refresh token path is often the same as the access token path. But if your service uses a separate endpoint for refreshing the access token, then it can be entered here. For example, /token.
Credentials
Redirect URLs When registering a new app, you usually register basic information such as application name or web site. In addition, you must register a redirect URL to be used for redirecting authentication back to Workflows. Use the following Redirect URLs to connect to Okta Workflows Preview and Prod respectively:

https://oauth.workflows.oktapreview.com/oauth/{{auth.connector_key}}/cb and https://oauth.workflows.okta.com/oauth/{{auth.connector_key}}/cb

Your connector key can be found on the Settings page.

Client ID A publicly exposed string provided by the service that is used to identify the OAuth application and build authorization URLs.
Client Secret A private value provided by the service used to authenticate the identity of the application to the service.
Scopes (Optional)
Scopes Scopes specify the precise level of access provided to Workflows. To verify whether a special scope is needed to retrieve a refresh token (such as refresh_token or offline_access), see your API documentation. In order for a CAPIA card to hit all endpoints on an API, typically all scopes must be enabled in your app.
Scopes Delimiter Specify a delimiter for how scopes are separated. Multiple scopes are often space or comma separated, but this can depend on the service. Options are space and comma.
Parameters (Optional) Parameters allow you to collect any additional information from the connector user that may be necessary for authentication, such as instance or subdomain. These fields will be presented to the user when they first create a connection and will be required.

Label: Display name that shows on the New Connection dialog during connector set up.

Key: Text value in the key-value pairing that is used by the service. For example, api_key, application_key, or authentication.

Type: Three different field types are available.

  • Text: A plain text field will be presented to the user. This is an open text field with no redaction.

  • Password: A redacted text field. The user will not be able to see what is entered into this field.

  • Dropdown List: A manually created dropdown of values to be selected by the user.

Config Values (Optional)

Additional configuration values may be needed to define how a user authenticates to your connector. You can added such values in this section.

Label: Display name for the configuration value that shows on the New Connection dialog during connector set up.

Definition: Indicate whether this field will be populated with a static value or a value from a helper flow:

  • For Static Value, enter the value in the Value field.

  • For Value from Helper Flow, select a flow from the Choose Flow dialog.

Type: Two different field types are available.

  • Text: A plain text field will be presented to the user. This is an open text field with no redaction.

  • Password: A redacted text field. The user will not be able to see what is entered into this field.

The Visible toggle determines whether the configuration value will appear in the authentication dialog for the connector.

Next step

Add option fields to connector cards