Configure OAuth server using Resource owner password grant type

The Resource owner password credentials grant type is suitable for cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application.

As per OAuth specifications, Tungsten TotalAgility will not save username and password to the database. Hence TotalAgility can support this grant only with a refresh token which means, you should generate access and refresh tokens at design time. TotalAgility uses a refresh token to regenerate the access token.

Navigate to Integration > OAuth servers.

The OAuth servers page appears.
Click New.

The New OAuth server configuration dialog box is displayed. By default, the General tab is open.
Configure the properties on the following tabs.
Click Save to save the authorization.
- If the token generation fails, an error message is displayed; however, the configuration details are saved for reuse.
- When you edit an OAuth server using Resource owner password grant type that has already been authorized you need to authorize again.

General properties

Name	A globally unique name for the OAuth server. The name can have a maximum of 50 characters.
Category	By default, the system automatically saves a new OAuth server in your working category. To store it in a different category, select a category.
Grant type	Resource owner password.
Authentication method	Specify the authentication methods to add additional security to an authorization grant. The following methods are available: Secret in post body Secret using basic authentication Shared secret key JWT Private key JWT Custom See Authentication methods for a description of fields specific to an authentication method.
Credentials	To log in, select either option: Local: Enter the Resource owner name and Resource owner password. External: Enter the secret name for the username and password stored in the configured external storage.
Client ID	An ID to identify the client. The ID must be an alphanumeric string.
Client secret	To log in, select either option: Local: Enter the secret string that the client uses. External: Enter the secret string stored in the configured external storage.
Access token URL	The URL to get an access token.
Scope	The scope to restrict access to specified areas. The value of the scope must be defined as a list of space-delimited and case-sensitive strings.
Supports refresh token	If this option is selected, the Authorization server supports refresh token generation. (Default: Selected)
Refresh token validity duration	The duration for which the token should remain valid. If set to zero, the refresh token always remains valid. (Default: 0)
Disabled reason	If TotalAgility is unable to refresh the access tokens for an OAuth server in multiple retries, the OAuth Server is disabled. This causes the import sources and web service activities that rely on the OAuth Server to stop working. When the OAuth server is disabled, the system displays the error description and the reason in the "Disabled reason" box. The status column on the OAuth servers list page displays the configuration status as follows: Error: If the OAuth server is disabled. OK: If the OAuth server is enabled. . This option is only available upon saving the OAuth server configuration when the OAuth Server is disabled .

Additional properties

Access token request	You can exclude the scope when sending the access token request by clearing Include scope: (Default: selected)
Maximum wait duration	The maximum wait duration to acquire an access token. (Default:1 minute)
Query parameters	The query parameters (if any) required by the authorization server. To add query parameters: Click . Provide a Name and Value. Click Add.
Post parameters	The post parameters (if any) required by the authorization server. To add post parameters: Click . Provide a Name and Value. Click Add.

Custom headers

To configure Custom headers, see Custom headers.

How to: