OAuth2 Authentication

The OAuth2 Authentication method retrieves a token and uses it as part of the request. There are several different grant types that affect token’s usage. You must check whether you are using the correct grant type for the given request.

To use OAuth2 Authentication, you must select “OAuth2 Authentication” from the “Authentication Type” drop-down list.

All OAuth2 requests have some basic requirements when making the token request.

The required fields include:

  • Client ID: This field provides the ClientID (similar to username) when requesting a token. This field is required.

  • Client Secret: This field provides the secret (similar to password) when requesting a token. This field is required.

  • Access Token URL: This field provides the URL for generating the token in the data request. This field is required.

  • Delay Time to Next Request (seconds): This field provides how long to wait (in seconds) between failed requests. If the value is 0, there will not be a retry between failed requests. Default: 0. This field is optional.

  • Request Header: This field describes the name of the header to be sent. Default: Authorization. This field is optional.

  • Token Format: This field describes how content should be sent. The format allows for a single substitution for the token. This substitution occurs when specifying {} in the format. For example, if you wanted to use Bearer <token>, you would input Bearer {}. Default: {}. This field is optional.

  • Response Token Key: This field states the key where the token exists in the returned JSON dictionary. This field is required.

  • Client auth method: This field states how the Client ID and Client Secret are sent to the token server. Basic Authentication utilizes the Authorization Header while Post Body adds this information into the request’s body. This field is required.

  • Token Refresh Implementation: This field allows the token to be expired within ScienceLogic. This enables the Snippet Framework to automatically request a new token before the current token is expired. If Static is selected, a new field will appear where the time-to-live will be specified (in seconds). This field is optional.

Resource Owner

The OAuth2 Authentication method can use the Resource Owner grant type to enable token generation for a given username, password, and scopes.

To use this grant type, you must select the “Resource Owner Password Credentials” option from the “OAuth2 Grant Type” drop-down list.

The required fields for Resource Owner include:

  • Resource Owner Username: This field states the username that will own the token. This field is required.

  • Resource Owner Password: This field states the password for the given username of the token. This field is required.

  • Token Scopes: This field supplies all scopes that are required to make your data call. If you require multiple scopes, refer to your token server on how to supply this information. This field is optional.

  • Additional body Parameters: This field allows for any additional parameters to be included with the token request. This value should be a valid JSON dictionary. This field is optional.

Example

You must make a request to a data server that requires a token from OAuth2/Resource Owner. The data server expects the header Auth: Bearer <token>. The token server requires the client credentials as part of Basic Authentication.

The token server generates the tokens at https://token.info with “Client ID” of my_client_id, “Client Secret” of my_client_secret, “Owner Credential” of OwnerUser/OwnerPass, and “Token scopes” of “Scope3, Scope4”.

The returned format of this generation:

{
    "token": "<the_token_to_use>",
    "expires": "900s"
}

To configure OAuth2/Resource Owner, these must be configured:

  • Client ID: my_client_id

  • Client Secret: my_client_secret

  • Access Token URL: https://token.info

  • Request Header: Auth

  • Token Format: Bearer {}

  • Response Token Key: token

  • Client auth method: Basic Auth

  • Resource Owner Username: OwnerUser

  • Resource Owner Password: OwnerPass

  • Token Scopes: Scope3, Scope4

Client Credentials

The Client Credentials grant type allows the generation of a token for a given set of scopes.

To use this grant type, you must select the “Client Credentials” value from the “OAuth2 Grant Type” drop-down list.

The field included in Client Credentials:

  • Token Scopes: This field supplies all scopes that are required to make your data call. If you require multiple scopes, refer to your token server on how to supply this information. This field is optional.

Example

You must make a request to a data server that requires a token from OAuth2/Client Credentials. The data server expects the header Auth: Bearer <token>. The token server requires the client credentials within the body of the request.

The token server generates the tokens at https://token.info with “Client ID” of my_client_id, “Client Secret” of my_client_secret, “Owner Credential” of OwnerUser/OwnerPass, “Token Scopes” of “Scope3, Scope4”.

The returned format of this generation:

{
    "token": "<the_token_to_use>",
    "expires": "900s"
}

To configure OAuth2/Resource Owner, these must be configured:

  • Client ID: my_client_id

  • Client Secret: my_client_secret

  • Access Token URL: https://token.info

  • Request Header: Auth

  • Token Format: Bearer {}

  • Response Token Key: token

  • Client auth method: Post Body

  • Token Scopes: Scope3, Scope4