OAuth servers
The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application (client) to obtain access on its behalf without having to expose its credentials.
The OAuth authorization framework includes the following roles:
- Resource owner: The person or application that owns the data being shared. For example, a user of Facebook or Google is a resource owner, and the resource they own is their data.
- Resource server: The server that hosts the protected resources and can accept and respond to protected resource requests using access tokens. For example, Facebook or Google is a resource server.
- Client: An application that makes protected resource requests on behalf of the resource owner and with its authorization. The term "client" does not imply any specific implementation characteristics, such as whether the application executes on a server, a desktop, or another device. A client application could be TotalAgility requesting access to a user's Microsoft account.
- Authorization server: The server that issues access tokens to the client after successfully authenticating the resource owner and obtaining authorization. The authorization server can be the same as the resource server or a separate entity.
The following image depicts the typical OAuth authorization grant flow.
In TotalAgility, you define OAuth grants and the mechanisms used to obtain authorization to interact with RESTful web services. The OAuth2 option of a TotalAgility web service reference lets you use the configured OAuth authorization grants.
TotalAgility supports the following grant types:
- Authorization code grant with refresh token grant. TotalAgility automatically refreshes the OAuth access token through a system task, without user intervention.
- Client credentials grant, without refresh token grant.
- Resource owner password credentials grant.
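The two non-interactive grants listed above differ in how the access token is renewed: the authorization code grant hands the client a refresh token that a background task can redeem, while the client credentials grant issues no refresh token and the client simply asks again. The following Go program is an added example, not TotalAgility code: it runs a constructed stand-in for an authorization server's token endpoint with `net/http/httptest`, performs both grants against it, and shows an expiry check that a refresh task can use to renew the token before a web service call fails. The client id, secret, token values and the 3600-second lifetime are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// TokenResponse is the JSON body a token endpoint returns (RFC 6749 section 5.1).
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
}

// Token is the client's cached view of an issued access token.
type Token struct {
	AccessToken  string
	RefreshToken string
	Expiry       time.Time
}

// NeedsRefresh reports whether the token expires within the skew window, so a
// background task can renew it before a web service call fails with 401.
func (t Token) NeedsRefresh(now time.Time, skew time.Duration) bool {
	return !now.Add(skew).Before(t.Expiry)
}

// postToken sends a form-encoded grant to the token endpoint and parses the reply.
func postToken(tokenURL string, form url.Values) (Token, error) {
	resp, err := http.PostForm(tokenURL, form)
	if err != nil {
		return Token{}, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return Token{}, fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var tr TokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil {
		return Token{}, err
	}
	expiry := time.Now().Add(time.Duration(tr.ExpiresIn) * time.Second)
	return Token{AccessToken: tr.AccessToken, RefreshToken: tr.RefreshToken, Expiry: expiry}, nil
}

// RefreshGrant exchanges a refresh token for a new access token (RFC 6749 section 6).
func RefreshGrant(tokenURL, clientID, clientSecret, refreshToken string) (Token, error) {
	return postToken(tokenURL, url.Values{
		"grant_type": {"refresh_token"}, "refresh_token": {refreshToken},
		"client_id": {clientID}, "client_secret": {clientSecret},
	})
}

// ClientCredentialsGrant requests a token for the client itself (RFC 6749 section 4.4).
// No refresh token is issued; the client repeats this request when the token expires.
func ClientCredentialsGrant(tokenURL, clientID, clientSecret string) (Token, error) {
	return postToken(tokenURL, url.Values{
		"grant_type": {"client_credentials"}, "client_id": {clientID}, "client_secret": {clientSecret},
	})
}

// NewFakeAuthServer is a constructed stand-in for an authorization server's token
// endpoint: it knows one client and one valid refresh token, rejects anything else,
// and rotates the refresh token on each successful refresh.
func NewFakeAuthServer(clientID, clientSecret, validRefresh string) *httptest.Server {
	issued := 0
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost || r.ParseForm() != nil {
			http.Error(w, `{"error":"invalid_request"}`, http.StatusBadRequest)
			return
		}
		if r.PostForm.Get("client_id") != clientID || r.PostForm.Get("client_secret") != clientSecret {
			http.Error(w, `{"error":"invalid_client"}`, http.StatusUnauthorized)
			return
		}
		tr := TokenResponse{TokenType: "Bearer", ExpiresIn: 3600}
		switch r.PostForm.Get("grant_type") {
		case "client_credentials": // no refresh token for this grant
		case "refresh_token":
			if r.PostForm.Get("refresh_token") != validRefresh {
				http.Error(w, `{"error":"invalid_grant"}`, http.StatusBadRequest)
				return
			}
			tr.RefreshToken = "rt-rotated"
		default:
			http.Error(w, `{"error":"unsupported_grant_type"}`, http.StatusBadRequest)
			return
		}
		issued++
		tr.AccessToken = fmt.Sprintf("at-%d", issued)
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(tr)
	}))
}

func main() {
	srv := NewFakeAuthServer("kta-client", "s3cret", "rt-initial")
	defer srv.Close()
	tok, err := RefreshGrant(srv.URL, "kta-client", "s3cret", "rt-initial")
	if err != nil {
		panic(err)
	}
	fmt.Printf("access=%s refresh=%s needsRefresh=%v\n", tok.AccessToken, tok.RefreshToken, tok.NeedsRefresh(time.Now(), time.Minute))
}
```

The skew argument to `NeedsRefresh` is what makes a scheduled refresh task reliable: renewing a minute or so before `expires_in` elapses avoids a window in which an outgoing web service call carries a token the resource server has already rejected. A real server also invalidates the old refresh token when it rotates it, which is why the client must persist the rotated value from every response.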
TotalAgility does not support the following OAuth grants and features:
- Authorization code grant without refresh token grant: This grant supports access token generation through manual login or a refresh token, but user intervention is not possible during web service execution.
- Implicit grant: This grant supports access token generation only through manual login, and user intervention is not possible during web service execution.
- Some advanced OAuth features are not supported directly by Kofax TotalAgility because they are rarely used, but they can still be used through the Custom option in OAuth authentication support. For example, you can authenticate through assertion-based authentication using a JSON Web Token (JWT) with a signing algorithm such as RS512 or RS384.
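The JWT assertion mentioned above is what RFC 7523 calls a JWT bearer assertion: the client signs a small set of claims (issuer and subject set to its client id, audience set to the token endpoint, a short expiry) with its private key, and the authorization server verifies the signature with the registered public key instead of checking a shared secret. The following Go program is an added example, not TotalAgility's or any library's code, built on the standard library only: it signs an assertion with RS384 or RS512 (RSASSA-PKCS1-v1_5 over SHA-384 or SHA-512) and shows the verification the server side performs, including rejecting any algorithm outside an allow-list so that a token cannot choose its own verification method. The client id, audience URL and `jti` value are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha512" // registers SHA-384 and SHA-512 with the crypto package
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// jwtHeader is the JOSE header (RFC 7515); AssertionClaims follows RFC 7523 section 3.
type jwtHeader struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

type AssertionClaims struct {
	Iss string `json:"iss"` // the client id
	Sub string `json:"sub"` // also the client id for client authentication
	Aud string `json:"aud"` // the authorization server's token endpoint
	Exp int64  `json:"exp"`
	Iat int64  `json:"iat"`
	Jti string `json:"jti"` // unique id so the server can reject replays
}

// hashForAlg is the allow-list: only these algorithms are ever signed or verified.
var hashForAlg = map[string]crypto.Hash{"RS384": crypto.SHA384, "RS512": crypto.SHA512}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func digest(h crypto.Hash, data []byte) []byte {
	hh := h.New()
	hh.Write(data)
	return hh.Sum(nil)
}

// SignAssertion builds header.payload and signs it with the client's private key.
func SignAssertion(key *rsa.PrivateKey, alg string, claims AssertionClaims) (string, error) {
	h, ok := hashForAlg[alg]
	if !ok {
		return "", fmt.Errorf("unsupported alg %q", alg)
	}
	hdr, _ := json.Marshal(jwtHeader{Alg: alg, Typ: "JWT"})
	body, _ := json.Marshal(claims)
	signingInput := b64(hdr) + "." + b64(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, digest(h, []byte(signingInput)))
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// VerifyAssertion is the authorization server's side: check the alg against the
// allow-list, verify the signature with the registered public key, then check
// audience and expiry. The claims are only returned once everything passes.
func VerifyAssertion(pub *rsa.PublicKey, token, expectedAud string, now time.Time) (AssertionClaims, error) {
	var claims AssertionClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims, errors.New("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return claims, err
	}
	var hdr jwtHeader
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return claims, err
	}
	h, ok := hashForAlg[hdr.Alg] // "none", HS*, RS256 etc. all fail here
	if !ok {
		return claims, fmt.Errorf("alg %q not allowed", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return claims, err
	}
	signingInput := parts[0] + "." + parts[1]
	if err := rsa.VerifyPKCS1v15(pub, h, digest(h, []byte(signingInput)), sig); err != nil {
		return claims, errors.New("bad signature")
	}
	bodyJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return claims, err
	}
	if err := json.Unmarshal(bodyJSON, &claims); err != nil {
		return claims, err
	}
	if claims.Aud != expectedAud {
		return claims, errors.New("audience mismatch")
	}
	if now.Unix() >= claims.Exp {
		return claims, errors.New("assertion expired")
	}
	return claims, nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key; a real client loads its own
	now := time.Now()
	claims := AssertionClaims{Iss: "kta-client", Sub: "kta-client", Aud: "https://auth.example/token",
		Exp: now.Add(5 * time.Minute).Unix(), Iat: now.Unix(), Jti: "assumed-unique-id-1"}
	tok, err := SignAssertion(key, "RS512", claims)
	if err != nil {
		panic(err)
	}
	_, verr := VerifyAssertion(&key.PublicKey, tok, "https://auth.example/token", now)
	fmt.Println(tok)
	fmt.Println("verified:", verr == nil)
}
```

On the wire the assertion is sent to the token endpoint as the `client_assertion` form field, with `client_assertion_type` set to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer` alongside the grant being requested (RFC 7523 section 2.2). Keeping `exp` short and `jti` unique limits what an intercepted assertion is worth, and pinning the accepted algorithms on the server side is what prevents algorithm-substitution mistakes.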
See also: Authentication methods