Registering and adding clients

Register a client as a confidential client or a public client. Select the grant types that the client can use, and specify the token expiration and refresh information.

About this task

Before a client can request access to a protected resource, it must be registered with webMethods Integration. The Client Registration page lists the clients that are registered with webMethods Integration.

Procedure

  1. Select Settings > OAuth 2.0 > Client Registration > Add New Client.
  2. On the Add New Client dialog box, complete the following fields. Required fields are marked with an asterisk on the screen.
    Name
    Type the name of the client. You cannot create clients with the same Name and Version combination. You cannot modify the client name after the client is saved. Client names are not case-sensitive.
    Description
    Type a description of the client.
    Client ID
    The Client ID field appears only when you update a client. It is a client identifier that is issued to the client to identify itself to the authorization server. It is used when tokens are generated.
    Client Secret
    The Client Secret field appears only when you update a client. It is the secret that matches the client identifier and is used when tokens are generated. It is not generated if the Client Type is Public.
    Authorization Endpoint
    View the authorization URL that must be provided when the token is generated. See the Generating Tokens section for more information.
    Token Endpoint
    View the Access Token URL that must be provided while generating tokens. See the Generating Tokens section for more information.
    Refresh Token Endpoint
    View the Refresh Token URL that must be provided while refreshing Access Tokens. See the Refreshing access tokens section for more information.
    Version
    Type the version number of the client. You cannot create clients with the same Name and Version combination.
    Type
    Select the type of the client according to its ability to communicate with webMethods Integration.
    Confidential. Select Confidential when the OAuth session uses the following grants:
    • Authorization Code Grant
    • Client Credentials Grant
    • Resource Owner Password Credentials Grant

    This client can maintain secure client authentications. When you select Confidential as the client type, webMethods Integration generates a client secret. webMethods Integration requires the client secret when the client makes requests to the OAuth services.

    Public. Select Public when the OAuth session uses the Implicit Grant type. This client is not capable of maintaining secure client authentications.

    Redirection URLs
    Specify the URLs that webMethods Integration uses to redirect the resource owner’s browser during the grant process. You can add more than one redirection URL by clicking the + icon. If you select the Authorization Code Grant or the Implicit Grant types, you must enter at least one Redirection URL for the client.
    Allowed Grants
    Select the type of grant flow required by the client.
    Expiration Interval
    Select the length of time (in seconds) that the access token is valid.

    Never Expires. It indicates that the access token never expires. The Token Management page displays the Lifetime for that token.

    Expires In: Specify the number of seconds the access token is valid.

    Refresh Count
    Select the number of times the access token can be refreshed.

    Unlimited. Refresh the access token an unlimited number of times by using the refresh token. The Token Management page displays Unlimited for that refresh token.

    Limited. Specify the number of times to refresh the access token. The Token Management page displays the Refresh Count for that refresh token. If you specify 0 or leave the field empty, a refresh token is not issued.
    Note: Tokens can be refreshed only when you use the Authorization Code Grant flow.
  3. Click Add to add the client in the Client Registration page.
  4. To associate scopes with a client, click the Associate OAuth Scopes icon for that client on the Client Registration page. The Associated Scopes with Client Name (Version) page appears and displays the scopes that are already associated with the selected client.

    To associate existing scopes with the client, select Associate Existing Scopes on the Associated Scopes with Client Name (Version) page.

    On the Select Scopes to Associate with Client Name (Version) dialog box, select the existing scopes to associate with the client and then select Associate.

    The newly associated scopes appear in the Associated Scopes with Client Name (Version) page.

    To create a new scope and associate it with the selected client, select Associate New Scope. Create the scope and select the services to add as Service URLs as described in the Managing Scopes section. The new scope is associated with the selected client.

    To disassociate a scope from a client, select the scope on the Associated Scopes with Client Name (Version) page and then click Disassociate Selected Scopes.
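The field rules in this procedure can be checked mechanically before a client is saved. The following is an added example, not webMethods Integration code: the record layout and the function name `review_client` are assumptions that mirror the dialog fields, and the Never Expires and Unlimited options are flagged for review because they produce long-lived tokens.

```python
# Added example: field names mirror the Add New Client dialog; the dict layout
# is an assumption, not a webMethods Integration export format.
CONFIDENTIAL_GRANTS = {"authorization_code", "client_credentials", "password"}
PUBLIC_GRANTS = {"implicit"}
REDIRECT_GRANTS = {"authorization_code", "implicit"}


def review_client(c):
    """Return a list of (severity, message) findings for one client record."""
    findings = []
    grants = set(c.get("allowed_grants", []))
    ctype = c.get("type")
    allowed = CONFIDENTIAL_GRANTS if ctype == "confidential" else PUBLIC_GRANTS
    for g in sorted(grants - allowed):
        findings.append(("error", f"grant '{g}' does not match client type '{ctype}'"))
    if grants & REDIRECT_GRANTS and not c.get("redirect_urls"):
        findings.append(("error", "at least one Redirection URL is required"))
    refresh = c.get("refresh_count")  # None/0 = no refresh token, "unlimited", or int
    if refresh and "authorization_code" not in grants:
        findings.append(("warn", "refresh count set, but tokens refresh only "
                                 "with the Authorization Code Grant"))
    if c.get("expires_in") is None:  # None models the Never Expires option
        findings.append(("review", "access token never expires"))
    if refresh == "unlimited":
        findings.append(("review", "access token can be refreshed without limit"))
    return findings


# Constructed sample registrations.
SAMPLES = [
    {"name": "orders-web", "version": "1", "type": "confidential",
     "allowed_grants": ["authorization_code"],
     "redirect_urls": ["https://app.example.com/callback"],
     "expires_in": 3600, "refresh_count": 5},
    {"name": "legacy-spa", "version": "2", "type": "public",
     "allowed_grants": ["implicit", "client_credentials"],
     "redirect_urls": [], "expires_in": None, "refresh_count": "unlimited"},
]

if __name__ == "__main__":
    for client in SAMPLES:
        for severity, message in review_client(client):
            print(f"{client['name']} v{client['version']}: [{severity}] {message}")
```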

Adding clients

Procedure

  1. Select Settings > OAuth 2.0 > Client Registration > Add New Client.
  2. On the Add New Client dialog box, complete the following fields. Required fields are marked with an asterisk on the screen.
    Name
    Type the name of the client. You cannot create clients with the same Name and Version combination. You cannot modify the client name after the client is saved. Client names are not case-sensitive.
    Description
    Type a description of the client.
    Client ID
    The Client ID field appears only when you update a client. It is a client identifier that is issued to the client to identify itself to the authorization server. It is used when tokens are generated.
    Client Secret
    The Client Secret field appears only when you update a client. It is the secret that matches the client identifier and is used when tokens are generated. It is not generated if the Client Type is Public.
    Authorization Endpoint
    View the authorization URL that must be provided when tokens are generated. See the Generating Tokens section for more information.
    Token Endpoint
    View the Access Token URL that must be provided when tokens are generated. See the Generating Tokens section for more information.
    Refresh Token Endpoint
    View the Refresh Token URL that must be provided when Access Tokens are refreshed. See the Refreshing Access Tokens Using Refresh Tokens section for more information.
    Version
    Type the version number of the client. You cannot create clients with the same Name and Version combination.
    Type
    Select the type of the client according to its ability to communicate with webMethods Integration.
    Confidential. Select Confidential when the OAuth session uses the following grants:
    • Authorization Code Grant
    • Client Credentials Grant
    • Resource Owner Password Credentials Grant

    This client can maintain secure client authentications. When you select Confidential as the client type, webMethods Integration generates a client secret. webMethods Integration requires the client secret when the client makes requests to the OAuth services.

    Public. Select Public when the OAuth session uses the Implicit Grant type. This client is not capable of maintaining secure client authentications.

    Redirection URLs
    Specify the URLs that webMethods Integration can use to redirect the resource owner’s browser during the grant process. You can add more than one redirection URL by clicking the + icon. If you select the Authorization Code Grant or the Implicit Grant types, you must enter at least one Redirection URL for the client.
    Allowed Grants
    Select the type of grant flow required by the client.
    Expiration Interval
    Select the length of time (in seconds) that the access token is valid.

    Never Expires. It indicates that the access token never expires. The Token Management page displays the Lifetime for that token.

    Expires In: Specify the number of seconds the access token is valid.

    Refresh Count
    Select the number of times the access token can be refreshed.

    Unlimited. Refresh the access token an unlimited number of times by using the refresh token. The Token Management page displays Unlimited for that refresh token.

    Limited. Specify the number of times to refresh the access token. The Token Management page displays the Refresh Count for that refresh token. If you specify 0 or leave the field empty, a refresh token is not issued.
    Note: Tokens can be refreshed only when Authorization Code Grant flow is used.
  3. Click Add to add the client on the Client Registration page.
  4. To associate scopes with a client, click the Associate OAuth Scopes icon for that client on the Client Registration page. The Associated Scopes with Client Name (Version) page appears and displays the scopes that are already associated with the selected client.

    To associate existing scopes with the client, select Associate Existing Scopes on the Associated Scopes with Client Name (Version) page.

    On the Select Scopes to Associate with Client Name (Version) dialog box, select the existing scopes to associate with the client and then select Associate.

    The newly associated scopes appear in the Associated Scopes with Client Name (Version) page.

    To create a new scope and associate it with the selected client, select Associate New Scope. Create the scope and select the services to add as Service URLs as described in the Managing Scopes section. The new scope is associated with the selected client.

    To disassociate a scope from a client, select the scope on the Associated Scopes with Client Name (Version) page and then click Disassociate Selected Scopes.

Deleting or deactivating clients

When you delete a client, all the access tokens and refresh tokens for the client are also deleted in webMethods Integration.

Procedure

  • To deactivate a client, move the Status slider on the Client Registration page.
    When you deactivate a client, all the access tokens and refresh tokens for the client become invalid. You can activate a deactivated client.
  • To delete a client, click delete from the Action(s) column.

Results

Note:

If a flow service or REST API runs multiple times and you deactivate or delete the client while it runs, executions can continue for up to 840 seconds. After 840 seconds, the session expires and the access token is validated again. This applies only if the access token has not expired.