Configure OAuth 2.0 server using Resource owner password grant type
The Resource owner password credentials grant type is suitable for cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application.
As per the OAuth 2.0 specifications, Kofax TotalAgility does not save the username and password to the database. Hence, TotalAgility can support this grant only with a refresh token, which means you should generate the access and refresh tokens at design time. TotalAgility uses the refresh token to regenerate the access token.
The OAuth 2.0 servers page appears.
The New OAuth 2.0 server configuration dialog box is displayed. By default, the General tab is open.
Configure the following properties.
A globally unique name for the OAuth server.
The name can have a maximum of 50 characters.
By default, the system automatically saves a new OAuth server in your working category. To store it in a different category, select a category.
Resource owner password.
Specify the authentication methods to add additional security to an authorization grant. The following methods are available. See Authentication methods for a description of the fields specific to an authentication method.
Resource owner name
The name of the resource owner.
Resource owner password
The password of the resource owner.
An ID to identify the client. The ID must be an alphanumeric string.
The secret string the client uses.
Access token URL
The URL to get an access token.
The scope to restrict access to specified areas. The value of the scope must be defined as a list of space-delimited and case-sensitive strings.
Supports refresh token
If this option is selected, the Authorization server supports refresh token generation. (Default: Selected)
Refresh token validity duration
The duration for which the token should remain valid. If set to zero, the refresh token always remains valid. (Default: 0)
Access token request
You can exclude the scope when sending the access token request by clearing Include scope. (Default: Selected)
Maximum wait duration
The maximum wait duration to acquire an access token. (Default: 1 minute)
The query parameters (if any) required by the authorization server. To add query parameters:
Provide a Name and Value.
The post parameters (if any) required by the authorization server. To add post parameters:
Provide a Name and Value.
Save to save the authorization.
If the token generation fails, an error message is displayed; however, the configuration details are saved for reuse.
When you edit an OAuth 2.0 server using the Resource owner password grant type that has already been authorized, you need to authorize it again.
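How the fields above map onto the two token requests defined in RFC 6749 (the password grant sent once at design time, then the refresh grant that carries no username or password), as an added example that is not TotalAgility code. The dictionary keys, the sample values, and sending the client credentials in the request body are assumptions.

```python
from datetime import timedelta
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

def _scope_value(scope):
    # Scope is a space-delimited list of case-sensitive strings (RFC 6749 section 3.3).
    tokens = scope.split()
    if not tokens:
        raise ValueError("scope is empty")
    return " ".join(tokens)

def build_token_request(cfg, grant, refresh_token=None):
    """Return (url, form_body) for a 'password' or 'refresh_token' grant."""
    if grant == "password":
        form = {"grant_type": "password",
                "username": cfg["resource_owner_name"],
                "password": cfg["resource_owner_password"]}
    elif grant == "refresh_token":
        # No username or password here: the refresh token alone renews access.
        form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    else:
        raise ValueError("unsupported grant: " + grant)
    # Assumption: client credentials go in the body (RFC 6749 section 2.3.1 allows this).
    form["client_id"] = cfg["client_id"]
    form["client_secret"] = cfg["client_secret"]
    if cfg.get("include_scope", True):
        form["scope"] = _scope_value(cfg["scope"])
    # Extra post parameters may add fields but never override the standard ones.
    for name, value in cfg.get("post_parameters", {}).items():
        form.setdefault(name, value)
    parts = urlsplit(cfg["access_token_url"])
    if parts.scheme != "https":
        # The token endpoint receives credentials, so RFC 6749 requires TLS.
        raise ValueError("token endpoint must use https")
    query = parse_qsl(parts.query) + list(cfg.get("query_parameters", {}).items())
    return urlunsplit(parts._replace(query=urlencode(query))), urlencode(form)

def refresh_token_valid(issued_at, validity, now):
    # A validity duration of zero means the refresh token never expires.
    return validity == timedelta(0) or now < issued_at + validity

# Constructed sample configuration; every value is a placeholder.
SAMPLE = {
    "resource_owner_name": "svc-user", "resource_owner_password": "example-password",
    "client_id": "client123", "client_secret": "example-secret",
    "access_token_url": "https://auth.example.test/oauth/token",
    "scope": "Read  write", "include_scope": True,
    "query_parameters": {"tenant": "demo"}, "post_parameters": {"audience": "api"},
}
```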