Configure Secrets for API Authentication

This document describes how developers configure secrets with scopes and validity for client authentication.

Context

You can use a client ID and a secret to authenticate REST API calls (Invitation REST API, User management REST API, Password Service REST API, and Forgot Password REST API) to the Identity Authentication tenant. The client ID and secret can also be used in the OpenID Connect scenarios of Identity Authentication.

The client ID is in the universally unique identifier (UUID) format. For example, 1ab7c243-5de5-4530-8g14-1234h26373ab.

Remember:

The user ID and password (secret) used to authenticate the client (relying party) in the OpenID Connect scenario must be encoded using the "application/x-www-form-urlencoded" encoding algorithm.
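The following added example (not part of the original documentation or SAP code) shows why the encoding step in the note above matters when a secret contains characters such as `:`, `+`, or a space. It assumes the encoded credentials are sent in an HTTP Basic Authorization header as described in RFC 6749, section 2.3.1; the function names and sample values are constructed for illustration.

```python
import base64
from urllib.parse import quote_plus, unquote_plus


def _basic(user: str, password: str) -> str:
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def naive_header(client_id: str, client_secret: str) -> str:
    """Common mistake: base64 only, no form-urlencoding of the parts."""
    return _basic(client_id, client_secret)


def encoded_header(client_id: str, client_secret: str) -> str:
    """Form-urlencode each part, then join with ':' and base64-encode
    (the order given in RFC 6749, section 2.3.1)."""
    if not client_id or not client_secret:
        raise ValueError("client ID and secret must both be set")
    return _basic(quote_plus(client_id), quote_plus(client_secret))


def server_view(header: str) -> tuple[str, str]:
    """Decode a header the way a receiver that expects form-urlencoded
    credentials would: base64, split at the first ':', then url-decode."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(user), unquote_plus(password)


if __name__ == "__main__":
    # Constructed sample values. A real secret is shown only once when it is
    # generated, so load it from a secret store rather than from source code.
    cid = "11111111-2222-3333-4444-555555555555"
    secret = "p:a+s/s w=rd?"
    print(server_view(encoded_header(cid, secret)))  # matches (cid, secret)
    print(server_view(naive_header(cid, secret)))    # secret arrives altered
```

With the unencoded header, the `+` in the secret is decoded as a space on the receiving side, so authentication fails even though the stored secret is correct.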

Procedure

  1. Access the tenant's administration console for Identity Authentication by using the console's URL.

    Note:

    The URL has the following pattern:

    https://<tenant ID>.accounts.ondemand.com/admin

    The tenant ID is generated automatically by the system. The first administrator created for the tenant receives an activation e-mail with a URL in it. This URL contains the tenant ID. For more information about your tenants, see Viewing Assigned Tenants and Administrators.

    If you have a configured custom domain, the URL has the following pattern: <your custom domain>/admin.

  2. Under Applications and Resources, choose the Applications tile.

  3. Choose the application that you want to edit.

    Note:

    Type the name of the application in the search field to filter the list items, or choose the application from the list on the left.

    If your list doesn't contain any applications, you can create one. For more information, see Create a New Application.

  4. Choose the Trust tab.

  5. Under Application APIs, choose Client Authentication.

    You can see the Client ID generated for the chosen application.

  6. Choose the Add button in the Secrets section.

  7. Provide the required information in the pop-up.

    Description

    This field is optional.

    Expire in

    You can choose from three options:

    • 1 year
    • 2 years
    • Never

    Scope

    • Application - Secrets with Application scope are used to update the Application configurations.
    • Application Users - select this option to generate a secret to authenticate REST API calls (Invitation REST API, User management REST API, Password Service REST API, and Forgot Password REST API).
    • OpenID - select this option to generate a secret to authenticate in the OpenID Connect scenario.

    Note:

    By default all options are selected. Your secret can be used for all scopes.

  8. Save your configuration.

    A pop-up with the generated credentials appears. Make sure that you save the client secret for the client ID. You will need it for the API authentication, but you will not be able to retrieve it from the system later.

Once your secret is generated, you can see a table with your secrets and information about them. You can generate up to 20 client secrets per application.

Related Information

Unlock Client ID

Disable Client ID Locking

Configure Certificates for API Authentication

Configure JWT for OAuth Client Authentication

SCIM REST API Authentication Mechanisms