Product Selector

Fusion 5.9
    Fusion 5.9

    Web V2 connector OAuth access token configuration

    The Web V2 connector v1.4.0 added the ability to authenticate using OAuth.

    Example with PingFederate

    This example uses Client Credentials Grant Type and a basic configuration.

    1. Create new app in PingIdentity.

    2. Edit the app configuration:

      1. Check Client Credentials Grant Type.

      2. Set Token Endpoint Authentication Method to Client Secret Post.

    3. Enable the app by clicking on the toggle button to the right of the app name.

    4. Go to the Configuration tab and click Get Access Token. At this point it will probably show an error about scope. Fix it by adding a scope, such as testScope.

    5. Click the Get Access Token button again under the Configuration tab. It should generate and display your access token.

    6. Go to the Configuration tab and click URLs. Copy the Token Endpoint URL for further use.

    7. You can view a sample of Client Credentials Grant Type access token request in the PingIdentity documentation. In this example the access token request is:

      $ curl -X POST "https://auth.pingone.com/ENV_ID/as/token"
      -d "grant_type=client_credentials&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&scope=testScope" --header "Content-Type:application/x-www-form-urlencoded"
      {
        "access_token" : "ACCESS_TOKEN",
        "token_type" : "Bearer",
        "expires_in" : 3600,
        "scope" : "testScope"
      }
    8. In Fusion, go to CRAWL AUTHENTICATION PROPERTIES in the datasource configuration and fill in the ACCESS TOKEN section by adding the URL and parameters of the request. Replace CLIENT_ID with your own client ID.

      • ACCESS TOKEN REQUEST URL: https://auth.pingone.com/ENV_ID/as/token

      • PARAMETER NAME | PARAMETER VALUE: grant_type | client_credentials

      • PARAMETER NAME | PARAMETER VALUE: client_id | CLIENT_ID

      • PARAMETER NAME | PARAMETER VALUE: scope | testScope

    Example with Microsoft Azure AD

    1. In Microsoft Entra ID, go to App Registrations and register a new app.

    2. Go to your app and click Certificates & secrets and add a client secret.

    3. Copy the client secret Value for further use.

    4. View the Microsoft documentation for a request to get access token. In this example, we use the client credentials grant type:

      $ curl -X POST "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token"
      -d "client_id=CLIENT_ID&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=CLIENT_SECRET&grant_type=client_credentials"
      -H "Content-Type: application/x-www-form-urlencoded"
      {"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"ACCESS_TOKEN"}
    5. Copy the endpoint URL and the parameters to the CRAWL AUTHENTICATION PROPERTIES > ACCESS TOKEN section in the datasource configuration in Fusion. Replace CLIENT_ID with your own client ID.

      • ACCESS TOKEN REQUEST URL: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token

      • PARAMETER NAME | PARAMETER VALUE: grant_type | client_credentials

      • PARAMETER NAME | PARAMETER VALUE: client_id | CLIENT_ID

      • PARAMETER NAME | PARAMETER VALUE: scope | https://graph.microsoft.com/.default