Skip to main content

Manage OAuth 2.0 clients

Zuora

Manage OAuth 2.0 clients

This article describes creating or deleting OAuth 2.0 clients that provide client credentials. You can use these credentials to request access tokens for the OneID SCIM API following the OAuth 2.0 authorization flow.

You can create two types of clients:

  • Client Credentials: used in the OAuth 2.0 authorization flow with client credentials grant type.
    If you want to manage users or user groups in OneID through the SCIM API, you should create a client of this type.
  • Authorization Code Grant Type: used in the OAuth 2.0 authorization flow with authorization code grant type.
    If you want to manage users or user groups in OneID through an identity provider (IdP) following the authorization code flow (for example, Okta), you should create a client of this type.

Create an OAuth 2.0 client for client credentials grant type

To create a client for OAuth 2.0 client credentials grant type, take the following steps:

  1. Click your avatar in the upper right of the OneID portal and then click Settings. The Settings page opens.
  2. Click Manage OAuth 2.0 Clients.
  3. On the Manage OAuth 2.0 Clients page, click New. The New OAuth 2.0 Client window opens.
  4. Specify the following fields:
    • Name: Enter a name for the client.
    • Type: Select Client Credentials from the dropdown list.
  5. Click Save. After the client is created successfully, a window with the client ID and client secret opens.
  6. Note down the client ID and client secret. The client secret is displayed only once. You need to create an OAuth 2.0 client again if you forget it.
    You will need them to request access tokens for the OneID SCIM API. 

Create an OAuth 2.0 client for authorization code grant type

To create a client for OAuth 2.0 authorization code grant type, take the following steps:

  1. Click your avatar in the upper right of the OneID portal and then click Settings. The Settings page opens.
  2. Click Manage OAuth 2.0 Clients.
  3. On the Manage OAuth 2.0 Clients page, click New. The New OAuth 2.0 Client window opens.
  4. Specify the following fields:
    • Name: Enter a name for the client.
    • Type: Select Authorization Code Grant Type from the dropdown list.
    • App Name: Unique identifier of the Okta app that appears in the App Embed link.
      clipboard_e54ea3eef608e9fb3b2654430e548a23a.png
    • Idp Provider: Select your IdP from the dropdown list.
    • Scopes: Select the authorization scope from the dropdown list.
  5. Click Save. After the client is created successfully, a window with the client ID and client secret opens.
  6. Note down the client ID and client secret. This is the only time you can see the client secret.
    Your IdP needs them to request authorization codes and access tokens for the OneID SCIM API.

Delete an OAuth 2.0 client

To delete an OAuth 2.0 client in OneID, take the following steps:

  1. Click your avatar in the upper right of the OneID portal and then click Settings. The Settings page opens.
  2. Click Manage OAuth 2.0 Clients.
  3. Find the client you want to delete on the Manage OAuth 2.0 Clients page, and click the trash can icon delete.png to the right of that client.

After a client is deleted successfully, you can find it removed from the table.