
Managing OAuth Clients

Overview

Use the developer dashboard in Credenza to manage OAuth clients. You can configure client details, callback URLs, confidentiality status, and allowed login types.

Use the following URL to access the developer dashboard: https://developers.credenza3.com/app

Setting Up OAuth Clients

To authenticate users, you need to set up your application in Credenza. This involves configuring OAuth clients, which enable your application to interact with the authorization server for user authentication.

Adding a new client

To create an OAuth client in Credenza, you need to set up the application client. This involves specifying the application name, allowed redirect URLs, token TTL (Time To Live), and one or more permitted authentication types.

  1. Open the developer dashboard

  2. Click "Add new client"

  3. Fill in the required details, such as Name, Token TTL, and Redirect URLs

  4. Save your changes

  5. For confidential clients, remember to store the client_secret

  • Application Name: The name of your new application.

  • Allowed Callback URIs: URIs where the authorization server can send users after successful authentication. These URLs must be registered.

  • Token TTL: The duration for which the generated token remains valid.

  • Allowed Authentication Types: Choose one or more authentication methods that your application can use.

Configuring Callback URIs

A callback URI is an endpoint where the authorization server sends the user once the authentication process is complete. This URI is crucial because it helps ensure that only the assigned application can receive authorization codes or tokens.

At least one callback URI is required and will be checked during the authentication flow. If a callback URL is not configured correctly, the authentication process cannot be completed.

For example, a typical callback URL for a webpage might look like this: https://<application_domain>/callback. This URL is where the browser will be redirected to continue the authentication flow.

To add multiple callback URLs, use the Add + button next to the Callback URI (at least one) field. This lets you specify several endpoints, for example to cover multiple domains or test environments.
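
A pre-registration check for web callback URIs, together with the comparison made during the authentication flow, as an added example (not Credenza code). The function names, the sample URIs and the exact-match rule are assumptions: the page does not state how Credenza compares callback URIs, so exact string comparison, as recommended by the OAuth security best current practice, is used here.

```python
from urllib.parse import urlsplit

# Hosts for which plain http is tolerated (local test environments only).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample of registered callback URIs (hypothetical values).
REGISTERED = {
    "https://app.example.com/callback",
    "http://localhost:3000/callback",
}


def lint_callback_uri(uri):
    """Return a list of problems to fix before registering a web callback URI."""
    parts = urlsplit(uri)
    if not parts.scheme or not parts.hostname:
        return ["not an absolute URI"]
    problems = []
    is_loopback_http = parts.scheme == "http" and parts.hostname in LOOPBACK_HOSTS
    if parts.scheme != "https" and not is_loopback_http:
        problems.append("use https (plain http only for loopback test hosts)")
    if "#" in uri:
        # RFC 6749 section 3.1.2: the redirection URI must not carry a fragment.
        problems.append("fragment is not allowed in a redirect URI")
    if "*" in uri:
        problems.append("wildcard widens the set of accepted destinations")
    if parts.username or parts.password:
        problems.append("userinfo in the authority is unnecessary and confusing")
    return problems


def is_registered(redirect_uri, registered=REGISTERED):
    """Exact string comparison: no prefix, pattern or normalised matching."""
    return redirect_uri in registered


if __name__ == "__main__":
    for candidate in (
        "https://app.example.com/callback",       # clean
        "http://app.example.com/callback",        # not https
        "https://*.example.com/callback",         # wildcard host
        "https://app.example.com/callback#done",  # fragment
    ):
        print(candidate, "->", lint_callback_uri(candidate) or "ok")
    # A trailing slash is a different string, so it is not a registered URI.
    print(is_registered("https://app.example.com/callback/"))
```

Under this rule, each test or staging environment needs its own registered entry rather than a pattern that covers several hosts.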

OAuth Client Types (The "Is confidential" option)

The OAuth specification defines two types of clients: confidential clients and public clients.

Confidential clients are applications that are able to keep their registered client secret safe. Examples of confidential clients include server-based applications.

After you create a confidential client in Credenza, the client_secret will be shown to you only once. Ensure that you store it securely, as you will not be able to retrieve it again. Losing the client_secret will require you to create a new application client.

Protect Your Client Secret

Keep your client secret secure. Never share it through email or check it into version control such as Git.

Public clients, on the other hand, cannot use registered client secrets, as they cannot store them securely. This type includes applications running in a browser or on a mobile device. Public clients require different authentication flows to keep the authentication process secure.

Selecting Login Types

To select the allowed login types for your application, use the Login Types dropdown menu on the 'Adding OAuth Clients' screen. This menu provides various options for authentication methods.

You can select from the following login types:

  • Google

  • Ticketmaster

  • Credentials

  • EVM

  • Passwordless

To select multiple login types, click on the Login Types dropdown menu. A list of options will appear, each with a checkbox next to it. Simply check the boxes of the login types you want to enable for your application. This allows your application to support various user authentication methods.

Frequently Asked Questions

  • Token TTL (Time To Live) is the duration, in minutes, that a token remains valid before it expires.

  • Yes, you can edit an OAuth client by accessing the developer dashboard and using the provided edit button for the specific client you want to modify.

  • A callback URL is a URL to which an OAuth server will redirect users after they have authenticated. At least one callback URL must be configured for an OAuth client.

  • To delete an OAuth client, go to the developer dashboard, select the client you want to delete, and use the delete option provided.