To consume the EmpowerID API from an application external to the platform, you need to create an OAuth Provider app for that application in EmpowerID. This integrates the application with EmpowerID and generates a unique API Key, Client Secret, and Client ID for it. You use these to get an OAuth 2.0 access token (JWT). You can then use that application as the OAuth Provider App for any third-party OAuth applications you register in EmpowerID.

Prerequisites

Your organization’s resources – like its user accounts, groups, mailboxes, etc., as well as the resources internal to EmpowerID – such as its workflows, applications, and pages – are protected application resources secured by various EmpowerID operations. These operations are protected code objects that when executed allow resources to be accessed in a way that is consistent with both the operation and the type of resource being accessed. Some examples include adding users to groups, creating mailboxes, updating user attributes, or even viewing the pages of the Web application. Before users can access a resource in a given way, their EmpowerID Person must have an access assignment for the operation or operations that allow them to do so. As API calls are essentially executions of EmpowerID operations via HTTP, the applications you register to call the API need to have an EmpowerID Person linked to them with the appropriate access. Otherwise, you will receive a 401: Unauthorized error. To facilitate API calls, your organization should create the requisite number of Person objects with the appropriate amount of access for the application’s intended purpose.

Create an OAuth Provider application

  1. On the navbar of the EmpowerID Web interface, expand Apps and Authentication > SSO Connections and click OAuth / OpenID Connect Applications.

  2. On the EmpowerID OAuth Client Apps tab of the OAuth Applications page, click the Create OAuth Application action link.

  3. On the General tab of the OAuth Provider Application Details page, fill in the following information:

    • Name – Name of the application

    • Display Name – Display name for the application

    • Description – A characterization of the application

    • Application Type – Select the appropriate application type from the drop-down; the default type is Web application.

    • Application Owner – By default, this is set to the person creating the app. You can change this by searching for and selecting another person.

    • Issuer – Defaults to EmpowerID; you can update the value to any string / URL you want.

    • Signing Certificate – Select a certificate with a private key from the EmpowerID certificate store

  4. Click Save.

    The system creates the application and directs the browser to the View One page for it.

Adding Client Secrets and Callback URLs to the application

  1. On the View One page for the application, expand the Client Secrets accordion and click the Add (blue star) button.

  2. Copy the string in the Client Secret field.
    Note: This is the only time you will see the entire string. Once you create the secret, the value is encrypted, and you will not be able to recover it.

  3. After you have copied and saved the Client Secret, enter the following information:

    1. Name – Name of the secret

    2. Expires – Select 1 Year, 2 Years, or Never.

  4. Click Save to create the secret.

  5. Expand the Callback URLs accordion and click the Add (blue star) button.

  6. In the Callback URL field, enter https://<yourserver>/WebIdPForms/OAuth/V2, replacing <yourserver> with the FQDN of your EmpowerID Web server. Add any other Callback URLs supported by your application. Please note that Callback URLs are case-sensitive.

  7. Click Save.
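
A pre-deployment check for the case-sensitivity note in step 6, as an added example that is not part of the EmpowerID documentation: it compares the redirect URI a client is configured to send against the registered Callback URLs using exact string comparison and explains near-misses. The host names and the second callback are constructed placeholders, and requiring https is an assumption based on the page's example URL.

```python
from urllib.parse import urlsplit

# Constructed sample: Callback URLs as registered on the application.
# "sso.example.com" stands in for <yourserver>; the second entry is made up.
REGISTERED = [
    "https://sso.example.com/WebIdPForms/OAuth/V2",
    "https://app.example.com/signin-callback",
]


def _loose(url):
    """Loose form used only to explain a mismatch, never to accept one."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port,
            p.path.rstrip("/").lower(), p.query)


def check_callback(candidate, registered=REGISTERED):
    """Return (ok, reason); ok is True only on an exact, case-sensitive match."""
    if candidate in registered:
        return True, "exact match"
    parts = urlsplit(candidate)
    if parts.scheme != "https":          # assumption: only https callbacks
        return False, "scheme is not https"
    if parts.fragment:                   # RFC 6749: no fragment in redirect URIs
        return False, "callback must not carry a fragment"
    for reg in registered:
        if _loose(reg) == _loose(candidate):
            if reg.lower() == candidate.lower():
                return False, f"differs only by case from {reg}"
            return False, f"differs only by trailing slash or case from {reg}"
    return False, "not registered"


if __name__ == "__main__":
    for url in (
        "https://sso.example.com/WebIdPForms/OAuth/V2",
        "https://sso.example.com/webidpforms/oauth/v2",
        "https://sso.example.com/WebIdPForms/OAuth/V2/",
        "https://other.example.net/cb",
    ):
        print(url, "->", check_callback(url))
```
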

Note: Take note of the Client ID and the API key. You need these values, as well as the Client Secret, to get an access token (https://dotnetworkflow.jira.com/wiki/spaces/EDG/pages/1389756441/Get+an+Access+Token).

How to configure advanced OAuth flows for the application

  1. After EmpowerID creates the application, click the Edit link on the View One page to put the application in edit mode.

  2. On the edit page for the application, select the Advanced Configuration tab.

  3. Under the OAuth Flow Details section, fill in the following details:

    • Domain Name (Device Code Flow) – If you use this application for OAuth Device Code Grant Type, enter the server domain name, e.g., sso.empoweriam.com

    • SAML Connection (SAML Bearer Assertion Grant) – If you use this application for OAuth SAML Bearer Assertion Grant Type, select an appropriate SAML connection from the drop-down

    • Enable Client Credential Flow – If you use this application for OAuth Client Credential Flow, enable this checkbox

    • Enable On-Behalf-Of Flow – If you use this application for On-Behalf-Of flow, enable this checkbox

Create an OAuth application