HTTP Client Authorization Configuration

You can set up the HTTP Client Authorization Configuration connection from the Connections tab to add authentication and authorization to your Flogo apps. To enable the connection you have set up, refer to the InvokeRESTService Activity.

The connection has the following fields:

Field Description
Name

Enter a name for the connection.

Description (optional)

Enter a description for the connection.

Authorization Type

Select an authentication type.

The connection supports two types of authorization:

  • Basic

  • OAuth2

If you select Basic as the Authorization Type, the following fields are displayed:
User Name

Enter a username for the connection.

Password (optional)

Enter a password for the connection.

Some services accept authentication data that contains only a user name. In such cases, you do not need to provide a password.

If you select OAuth2 as the Authorization Type, the following fields are displayed:
Grant Type

Indicates the method by which an app can obtain an access token.

Select one of the following supported types:

  • Authorization Code

  • Client Credentials

Callback URL

The connection is redirected to this URL after authorization. Your app's callback URL must match this URL.

The URL is read-only.

Auth URL

Authorization server API endpoint. For example, the Google authorization URL is: https://accounts.google.com/o/oauth2/v2/auth

This field is an app-property enabled field.

Additional Auth URL Query Parameters (optional)

Additional query parameters required to obtain the refresh token, depending on the service you are requesting. For example:

access_type=offline&prompt=consent

token_access_type=offline

Access Token URL

The token API endpoint used to get access tokens. For example:

  • Google: https://oauth2.googleapis.com/token
  • Salesforce: https://login.salesforce.com/services/oauth2/token

This field is an app-property enabled field.

Client Id

The client ID of the OAuth2 app. You can change this value at runtime.

This field is an app-property enabled field.

Client Secret

The client secret of the OAuth2 app. You can change this value at runtime.

This field is an app-property enabled field.

Scope

Specifies the level of access that the app is requesting. You can specify multiple space-delimited values. For example:

Salesforce - chatter_api refresh_token

Audience

The unique identifier of the audience for an issued token.

The audience value is an app client ID for an ID token or the API that is being called for an access token.

This field is an app-property enabled field.

Client Authentication

The method by which authentication parameters are sent. Based on the service request, you can send authentication parameters in Header, Body, or Query.

  • Header - Sends the authentication parameters in the request headers.

  • Body - Sends the authentication parameters in the request body as application/x-www-form-urlencoded.

  • Query - Sends the authentication parameters as query parameters.
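
How the three Client Authentication options differ on the wire for a Client Credentials token request, as an added example that is not Flogo's own code. It assumes Header means HTTP Basic as described in RFC 6749 section 2.3.1 and uses the standard OAuth2 parameter names; buildTokenRequest, the token URL and the credentials are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// buildTokenRequest (hypothetical helper) builds a Client Credentials token
// request and places the client credentials according to mode: "Header",
// "Body" or "Query". Assumption: Header means HTTP Basic (RFC 6749, 2.3.1).
func buildTokenRequest(tokenURL, mode, id, secret, scope string) (*http.Request, error) {
	form := url.Values{"grant_type": {"client_credentials"}}
	if scope != "" {
		form.Set("scope", scope) // space-delimited, as in the Scope field
	}
	if mode == "Body" {
		form.Set("client_id", id)
		form.Set("client_secret", secret)
	}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	switch mode {
	case "Header":
		req.SetBasicAuth(url.QueryEscape(id), url.QueryEscape(secret))
	case "Body": // credentials were already added to the form above
	case "Query":
		// The secret becomes part of the URL and can appear in access logs.
		q := req.URL.Query()
		q.Set("client_id", id)
		q.Set("client_secret", secret)
		req.URL.RawQuery = q.Encode()
	default:
		return nil, fmt.Errorf("unknown client authentication mode %q", mode)
	}
	return req, nil
}

func main() {
	for _, m := range []string{"Header", "Body", "Query"} {
		// Constructed token URL and credentials, not real values.
		req, _ := buildTokenRequest("https://login.example.test/oauth2/token", m, "demo-id", "demo-secret", "chatter_api refresh_token")
		fmt.Println(m, "query:", req.URL.RawQuery, "basic auth header:", req.Header.Get("Authorization") != "")
	}
}
```

In Query mode the client secret is part of the request URL, so it can be recorded in proxy and server access logs. Header or Body keeps it out of the URL where the provider accepts them.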

Token

The token, as a Base64-encoded value. This field is an app-property enabled field.

This field is read-only.

Note: For refresh tokens:
The Flogo authorization connection supports only the standard OAuth2 workflow.

The OAuth 2.0 service provider must also return refresh tokens when you obtain an access token from the OAuth flow. For information on obtaining refresh tokens, refer to your OAuth 2.0 provider. You can then add this information in the Additional Auth URL Query Parameters field or the Scope field. This is necessary for long-running Flogo apps where the access tokens might expire.

The refresh token operation only happens when the server returns HTTP status code 401.