Authorization Code

Authorization code OAuth flow type is used to gain access to the desired application. It involves authenticating the credentials using Authorize URL and then getting the access token using the Token URL.

To create Authorization Code Flow type in OAuth Activity

  1. Make sure the prerequisites for using OAuth activities are met.
  2. In the OAuth Flow Types list, select the OAuth Flow types as Authorization Code.
  3. In the Preferred Browser list, select the browser from the available options such as Chrome, FireFox or MicrosoftEdge.
  4. In the Client ID field, specify the Client ID. Additionally, select the checkbox if it is a default value.
  5. In the Redirect URL field, specify the Redirect URL. Additionally, select the checkbox if it is a default value.
  6. In the Authorize URL field, specify the Authorize URL. Additionally, select the checkbox if it is a default value.
  7. In the Access Token URL field, specify the Access Token URL. Additionally, select the checkbox if it is a default value.
  8. In the Client Secret field, specify the Client Secret generated during the registration of the application. Additionally, select the checkbox if it is a default value. 
     

    NOTE: 
    • Public Client Application: In case, the application has public client platform then, you can skip entering the value in client secret field.
    • Private Client Application: In case of private client application, you must enter the client secret value. This value is considered difficult to access and can store an application secret. Private clients can hold configuration-time secrets.
  9. In the Scope field, specify the scope of the OAuth activity. For example, User.Read. Additionally, select the checkbox if it is a default value.
     

    NOTE: 

    In case multiple scopes are provided, separate them using a space.
  10. In the Provide Output Argument field, select the output argument. The output argument should have Direction as Out. It stores the access token value returned by the OAuth activity on successful authentication.

    Steps for Win Popup Handler
     
  11. Once all the configurations are done, click the    (Settings) icon on the OAuth activity. It launches the selected browser window.
  12. Double click the OAuth Activity. Drag & Drop Win Popup Handler Activity inside it.

  13. Double click the Win Popup Handler Activity and click Add to add Application Control.
  14. Click the    (Field Configuration) icon.
  15. Configure the step to provide the email id.

  16. Configure the parameters in the Application Control to enter the mail id.

  17. Similarly, add multiple Application control activities till the sign in process is completed for the user.
  18. Save the process.
  19. Test run the process to receive the Access Token.
  20. If the user is accessing the application for the first time with the provided scope, then a prompt to give the consent appears. If the consent is provided once, then re-consent will not be taken. Hence, automating this step is not required.


     

    NOTE: 
    • In case the scope is changed and if no consent was provided for the new scope earlier, then the consent prompt will re-appear.
    • Product recommends that user provides the necessary consents during process design to avoid runtime process failures.

Step-By-Step Guide to use Authorization Code Flow type in OAuth Activity

 

Let’s create an example to fetch token using the Authorization Code Flow type in OAuth Activity.

  1. Make sure the prerequisites for using OAuth activities are met.
  2. In the Canvas Tools pane, click Auth Types to expand the tool and view the associated activities. 
  3. Drag the OAuth activity and drop the activity on the Canvas
  4. In the OAuth Flow Types list, select the Authorization Code as OAuth Flow type.


  5. In the Preferred Browser list, select the browser from the available options. For example, Chrome.
  6. In the Client ID field, specify the Client ID. Additionally, select the checkbox if it is a default value. Sample Format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. For more information, see Prerequisites.
  7. In the Redirect URL field, specify the redirect URL. Additionally, select the checkbox if it is a default value. For example: https://login.microsoftonline.com/common/oauth2/nativeclient.
  8. In the Authorize URL field, specify the Authorize URL. Additionally, select the checkbox if it is a default value. For example: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
  9. In the Access Token URL field, specify the Access Token URL. Additionally, select the checkbox if it is a default value. For example: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token.
  10. In the Client Secret field, specify the Client Secret generated during the registration of the application. Additionally, select the checkbox if it is a default value. In case, the client is running on Public Client application then, you can skip entering the value in client secret field. 
  11. In the Scope field, specify the scope of the OAuth activity. For example, User.Read. Additionally, select the checkbox if it is a default value.
  12. In the Parameter bar, create the below arguments with Direction as In:
    1. mailId – Enter the Email to store and pass as the input value for email. Example – aeuser@ev.com
    2. password – Enter the Password to store and pass as the input value for password.
    3. generatedOTP
    4. mfaSecret – Enter the secret key displayed while adding Authenticator app. For more information refer prerequisites for using OAuth activities.
       

      NOTE: 
      • mailId and password can also be passed as the default value.
      • If Multi-Factor Authentication is not enabled on the user account using which authentication will be performed, then no arguments should be created for storing OTP and MFA Secret Key.
  13. In the Parameter bar, create an Out argument as accessToken to store the extracted token returned from the OAuth activity.

  14. In Provide Output Argument list of the OAuth activity, select the accessToken argument.

  15. To verify or check the generated access token WriteLine activity can be used. The text entered should be a string or a string variable.
  16. Click the    (Settings) icon on the OAuthActivity. It launches the selected browser window.
  17. Perform the Configurations using Win Pop Handler to SignIn into the application. For more information refer Configurations using Win Popup Handler.
  18. Once the Win Popup Handler configurations are done, test run the process.
  19. Once the test run is successful, the accessToken value gets printed in the Studio Console Output.