Add OAuth 2.0 Application
This section provides step-by-step instructions for creating an OAuth 2.0 application in Monokee. By following these instructions, you can configure the integration between a Client and one of the Authorization Providers defined in your Monokee domain using OAuth 2.0. This will allow your users to grant permissions to the client, simplifying and improving authorization management.
The following steps will guide you through the process of setting up an OAuth 2.0 application:
1. Navigate to your Monokee custom fully qualified domain name (FQDN) or, if you haven't set up a custom FQDN, go to Monokee's default page and enter your domain ID. Then, enter your login credentials to access your account.
2. Open the left sidebar and select Applications from the menu.
3. This will display a list of applications. To create a new application, click the Add button located in the top right corner of the table. Then, select OAuth Application and click Add.
4. Monokee will open the General Configuration step. Refer to the generic section of the application documentation for instructions on how to configure this section.
5. Click Next to proceed to the Client configurations step.
6. From the radio button, select the OAuth option.
7. If you need to generate a refresh token, enable the Require refresh token checkbox.
8. From the Provider name select, choose the provider you want to use with this Client. For example, choose the Default OAuth 2.0 Provider defined in the Add OAuth 2.0 Provider section.
9. Insert a Client ID and a Client secret that will be used as credentials for your Client. For example, 42afd6e4-7003-4659-a740-c8736c0777b7 can serve as the Client ID and !RRU6eOwl6*E6LQm as the Client secret.
10. From the Grant types select, choose the grant types to make available. The available values depend on the provider selected in step 8. For example, for an authorization code grant type, choose authorization_code.
11. Select the Token endpoint authentication methods among those available. As in the previous step, the values in the select depend on the provider selected. You can use client_secret_basic to send client credentials with Basic authentication.
12. Fill in the Redirect URLs with one or more URLs that can be used as the redirect URL to receive the authorization code or, if the implicit grant type is used, the access token. The redirect URI is mandatory because the Authorization Code flow was selected in step 10. An example is https://example.org. Usually the redirect URI must be a valid URL of your web application.
13. In the Authentication section you can choose the flow that will protect the application. For a basic configuration, you can choose the default login flow of your domain.
14. In the Consent section, you can decide whether to enable consent and, if so, specify the consent flow that will be used. This field is optional, and for a basic configuration you can select the checkbox Skip the consent screen to skip consent.
15. The section below, Duration token/code (seconds), allows you to specify the duration in seconds of tokens and codes. If you don't have any special needs regarding the duration of the tokens, you can keep the default values.
16. The last card, Scopes, is dedicated to defining the scopes relating to the access token. In the Scope field you will find the scopes defined in the selected provider. For example, you can choose the test scope, whereas the Default Scopes field can be kept empty.
17. Click the Create button in the bottom right corner to create the application.
You can assign the application to a user as explained in the user management section and access it using the authorization endpoint:
https://(new.monokee.com|<domain-custom-fqdn>)/oauth2/<provider-id>/authorize?redirect_uri=https%3A%2F%2Fexample.org&client_id=42afd6e4-7003-4659-a740-c8736c0777b7&response_type=code&scope=test&state=<randomvalue>
To retrieve the application id for a newly created application, you can visit the application's page and look at the last portion of the browser URL. To retrieve the full URL, you can visit the page of the OAuth provider configuration, select the provider you are using, and, in the ADVANCED tab, copy the Authorization endpoint value. Remember that to allow a user to grant a scope to a client you must assign the scope to the user as explained in the user management section.
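The client side of the authorization code flow configured above, as an added example that is not part of the Monokee documentation: it builds the authorization request with a fresh state value, validates the callback, and prepares the client_secret_basic token request. The function names are hypothetical, and because the token endpoint URL is not given on this page the token request is built but not sent.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Example values from this page; <provider-id> is the page's own placeholder.
AUTHORIZE_URL = "https://new.monokee.com/oauth2/<provider-id>/authorize"
CLIENT_ID = "42afd6e4-7003-4659-a740-c8736c0777b7"
CLIENT_SECRET = "!RRU6eOwl6*E6LQm"  # sample from this page, never a real secret
REDIRECT_URI = "https://example.org"


def build_authorization_request(scope="test"):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable value, used once
    query = urlencode({"redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                       "response_type": "code", "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def _location(url):
    parts = urlsplit(url)
    return parts.scheme, parts.netloc, parts.path or "/"


def handle_callback(callback_url, expected_state):
    """Return the authorization code or raise ValueError on a bad callback."""
    if _location(callback_url) != _location(REDIRECT_URI):
        raise ValueError("callback does not match the registered redirect URL")
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state, code = params.get("state", []), params.get("code", [])
    if len(state) != 1 or len(code) != 1:  # missing or duplicated parameter
        raise ValueError("malformed callback")
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard the code")
    return code[0]


def build_token_request(code):
    """Return (headers, body) for client_secret_basic; the URL is not set here."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return headers, body
```

The state returned by build_authorization_request must be bound to the browser session that started the flow, so that handle_callback compares against the value issued to that same user.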