HTTP > Make an OAuth 2.0 request module
In order to make an ÃÛ¶¹ÊÓƵ Workfront Fusion HTTP(S) request to servers that require an OAuth 2.0 authorization, you first need to create an OAuth connection. ÃÛ¶¹ÊÓƵ Workfront Fusion ensures that all calls made with this connection have the appropriate authorization headers and automatically refresh associated tokens when required.
Workfront Fusion supports the following OAuth 2.0 authentication flows:
- Authorization Code Flow
- Implicit Flow
Other flows, such as Resource Owner Password Credentials Flow and Client Credentials Flow, are not automatically supported through this module.
For more information on OAuth 2.0 authentication, see .
Access requirements
You must have the following access to use the functionality in this article:
To find out what plan, license type, or access you have, contact your Workfront administrator.
For information on ÃÛ¶¹ÊÓƵ Workfront Fusion licenses, see ÃÛ¶¹ÊÓƵ Workfront Fusion licenses
Creating a connection for an OAuth request
General instructions for creating a connection in the HTTP > Make an OAuth 2.0 request module
-
Create an OAuth client in the target service with which you want ÃÛ¶¹ÊÓƵ Workfront Fusion to communicate. This option is most likely found in the Developer section of the given service.
-
When creating a client, enter the appropriate URL in the
Redirect URL
orCallback URL
field:table 0-row-2 1-row-2 Americas / APAC https://app.workfrontfusion.com/oauth/cb/oauth2 EMEA https://app-eu.workfrontfusion.com/oauth/cb/oauth2 -
After you create the client, the given service displays 2 keys:
Client ID
andClient Secret
. Some services call theseApp Key
andApp Secret
. Save the key and secret in a secure location, so you can provide them when creating the connection in Workfront Fusion.
-
-
Find the
Authorize URI
andToken URI
in the API documentation of the given service. These are URL addresses through which Workfront Fusion communicates with the target service. The addresses serve for OAuth authorization.note note NOTE If the service uses Implicit flow, you will need only the Authorize URI
.note info INFO Example: Yahoo addresses: - Authorize URI:
https://api.login.yahoo.com/oauth2/request_auth
- Token URI:
https://api.login.yahoo.com/oauth2/get_token
-
(Conditional) If the target service uses scopes (access rights), check how the service separates individual scopes and make sure you set the separator in the advanced settings accordingly. If the separator is not set correctly, Workfront Fusion fails to create the connection, and you receive an invalid scope error.
-
After you complete the steps above, you can start to create the OAuth connection in Workfront Fusion. Add the OAuth 2.0 HTTP(S) request and response processing module to your scenario.
-
In the module’s Connection field, click Add.
-
Fill in the following fields to create a connection:
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 6-row-2 7-row-2 8-row-2 9-row-2 10-row-2 11-row-2 12-row-2 13-row-2 14-row-2 15-row-2 16-row-2 layout-auto html-authored no-header Connection name Enter the name of the connection. Flow type Select the flow for obtaining tokens.
- Authorization Code: Enter the
Authorize URI
andToken URI
from the service's API documentation. - Implicit: Enter the
Authorize URI
from the service's API documentation.
Scope Add individual scopes. You can find this information in the given service's developer (API) documentation. Scope separator Select what the scopes entered above should be separated by. You can find this information in the given service's developer (API) documentation.
Warning: If the separator is not set correctly, Workfront Fusion fails to create the connection and you receive an invalid scope error.
Client ID Enter the Client ID. You obtained the Client ID when you created an OAuth client in the service you want to connect. Client Secret Enter the Client Secret. You obtained the Client Secret when you created an OAuth client in the service you want to connect. Authorize parameters Add any parameters that you want to include in the authorization call. The following standard parameters are always automatically included and do not need to be added.
Standard parameters:
-
response_type
code
for Authorization Code flow andtoken
for Implicit flow -
redirect_uri
table 0-row-2 1-row-2 layout-auto html-authored no-header Americas / APAC https://app.workfrontfusion.com/oauth/cb/oauth2 EMEA https://app-eu.workfrontfusion.com/oauth/cb/oauth2 -
client_id
The Client ID you received when creating the account
Access token parameters Add any parameters that you want to include in the token call. The following standard parameters are always automatically included and do not need to be added.
Standard parameters:
-
grant_type:
authorization_code
-
redirect_uri:
table 0-row-2 1-row-2 layout-auto html-authored no-header Americas / APAC https://app.workfrontfusion.com/oauth/cb/oauth2 EMEA https://app-eu.workfrontfusion.com/oauth/cb/oauth2 -
client_id: The Client ID you received when creating the account is automatically included in the request body
-
client_secret: The Client Secret you received when creating the account is automatically included in the request body
-
code: The code returned by the authorization request
Note:
The OAuth 2.0 standard supports at least 2 methods of client authentication during this step (
client_secret_basic
andclient_secret_post
). Workfront Fusion automatically sends the specified client ID and secret through theclient_secret_post
method. Therefore, these parameters are included as part of the token request body automatically.For more information on OAuth 2.0 authentication, see .
Refresh token parameters Add any parameters that you want to include in the token call. The following standard parameters are always automatically included and do not need to be added.
Standard parameters:
-
grant_type:
refresh_token
-
refresh_token: The most recent refresh token obtained by the service you are connecting to
-
client_id: The Client ID you received when creating the account is automatically included in the request body
-
client_secret: The Client Secret you received when creating the account is automatically included in the request body
Note:
The OAuth 2.0 standard supports at least 2 methods of client authentication during this step (
client_secret_basic
andclient_secret_post
). Workfront Fusion automatically sends the specified client ID and secret through theclient_secret_post
method. Therefore, these parameters are included as part of the token request body automatically.For more information on OAuth 2.0 authentication, see .
Custom Headers Specify any additional keys and values to include in the header of Token and Refresh Token steps.
Note:
The OAuth 2.0 standard supports at least 2 methods of client authentication during this step (
client_secret_basic
andclient_secret_post
). Workfront Fusion does not automatically support theclient_secret_basic
method. If the service that you are connecting to expects the Client ID and Client Secret to be combined into a single string and then base64 encoded into the Authorization header, then you should add that header and key value here.For more information on OAuth 2.0 authentication, see .
Token placement Select whether to send the token in the header, query string, or in both when connecting to the specified URL.
Tokens are most commonly sent in the request header.
Header token name Enter the name of the authorization token in the header. Default: Bearer
.Query string parameter name Enter the name of the authorization token in the query string. Default: access_token
. - Authorization Code: Enter the
-
Click Continue to save connection settings.
-
Continue to OAuth 2.0 request module setup.
Instructions for creating a connection to Google in the HTTP >Make an OAuth 2.0 request module
The following example shows how to use the HTTP > Make an OAuth 2.0 request module to connect to Google.
-
Ensure that you have created a project, configured OAuth settings, and generated your credentials as described in Connect ÃÛ¶¹ÊÓƵ Workfront Fusion to Google Services using a custom OAuth client.
-
Open the HTTP >Make an OAuth 2.0 request module.
-
Click Add next to the connection box.
-
Enter the following values:
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 6-row-2 7-row-2 8-row-2 layout-auto html-authored no-header Connection name Enter the name of the connection. Flow type Authorization Code Authorize URI https://accounts.google.com/o/oauth2/v2/auth
Token URI https://www.googleapis.com/oauth2/v4/token
Scope Add individual scopes. For more information on scopes, see in the Google documentation. Scope separator SPACE Client ID Enter your Google Client ID.
To create a client ID, see Create OAuth Credentials in Connect ÃÛ¶¹ÊÓƵ Workfront Fusion to Google Services using a custom OAuth client.
Client Secret Enter your Google Client Secret.
To create a client secret, see Create OAuth Credentials in Connect ÃÛ¶¹ÊÓƵ Workfront Fusion to Google Services using a custom OAuth client.
Authorize parameters Add
access_type
-offline
key-value pair.Note: If you experience authentication issues, for example with token refreshing, try adding the
prompt
-consent
key-value pair. -
Click Continue to save connection settings.
-
Continue to OAuth 2.0 request module setup.
Instructions for connecting to Microsoft Graph API via the HTTP > Make an OAuth 2.0 request module
For instructions regarding Microsoft Graph API, see Call the MS Graph REST API via the ÃÛ¶¹ÊÓƵ Workfront Fusion HTTP > Make an OAuth 2.0 request module.
OAuth 2.0 request module setup
When you have established an Oauth 2.0 connection as described in Creating a connection for an OAuth request, continue setting up the module as desired. All authorization tokens are automatically included in this request, and in any other request that uses the same connection.
When you configure the HTTP >Make an OAuth 2.0 request module, Workfront Fusion displays the fields listed below. A bolded title in a module indicates a required field.
If you see the map button above a field or function, you can use it to set variables and functions for that field. For more information, see Map information from one module to another in ÃÛ¶¹ÊÓƵ Workfront Fusion.