Complete the OAuth 2.0 tab to create an authentication profile with OAuth 2.0 authentication. Consult the API guide of the external application (OAuth 2.0 provider) that you want to connect to, to learn how to obtain the values that are required for the fields on this tab.
Enter the basic details for the OAuth 2.0 authentication profile.
Field |
Description |
OAuth provider | Select or create an OAuth 2.0 Provider data instance. The system automatically populates the Grant type field. |
Grant type | Select the grant type for the OAuth 2.0 provider. |
Enter the credentials that you require to authorize the OAuth 2.0 client in the external application.
Field |
Description |
Username | Enter a page name that references the value for the Username property. |
Password |
Enter a page name that references the value for the Password property. Make sure to encrypt the password. |
Enter the credentials that you require to access OAuth 2.0-protected resources in the external application.
Field |
Description |
Identifier | Required. Enter the client ID that is provided by the external application. |
Secret | Required. Enter the client secret that is provided by the external application. |
Scope | Enter the scope as specified in the API guide of the external application and as configured for this client. |
Redirect URI endpoint |
Enter a URI here and in your OAuth 2.0 provider to specify the target endpoint to redirect to on authorization. This field supports the Global Resource Settings syntax (=PageName.PropertyName). For more information, see Using the Global Resource Settings feature. |
Enable SSO (Box.com Only) | Optional: Select this option to enable single sign-on (SSO). Users who have already been authenticated against the same identity provider will not be asked to reauthenticate. |
Single sign-on (SSO) identity provider (IdP) federation ID |
This field is required if Enable SSO is selected. Specify the single sign-on identity provider federation ID used by the Box account. You can get this value from the This field supports the Global Resource Settings syntax (=PageName.PropertyName). For more information, see Using the Global Resource Settings feature. |
Use refresh token if available | Optional: Select this option to use a refresh token if one is available and supported by the service provider. The refresh token is used to automatically refresh the authorization token when it expires. |
Revoke access tokens | Click to revoke all access tokens that are generated by the external application for this OAuth 2.0 client. |
Some OAuth 2.0 providers require additional custom parameters that you can use with the standard parameters when you invoke endpoint URLs. Add the custom parameters in this section.
Field |
Description |
Authorization code | Provide any custom parameters as required for the authorization code endpoint. |
Access token |
Provide any custom parameters as required for the access token endpoint. |
Revoke token | Provide any custom parameters as required for the revoke token endpoint. |