Creating OAuth Client Connection for ThingWorx
This client is a connection point for PingFederate to provide access tokens to ThingWorx. ThingWorx then uses these access tokens to request OAuth-protected resources from resource servers. To create and configure an OAuth Client for ThingWorx as a service provider, complete the following steps:
1. On the OAuth Server page, locate the Clients section and click Create New.
2. Enter a Client ID. This will be used as the AuthorizationServerSettings.<AuthServerId>.clientId setting when configuring the ThingWorx sso-settings.json file.
3. Select Client Secret and enter a client secret value. Make a note of this value because it will be used in the AuthorizationServerSettings.<AuthServerId>.clientSecret setting when configuring the ThingWorx sso-settings.json file.
4. In the Name field, enter a descriptive value. This is displayed in the PingFederate Clients list.
5. Enter a Description.
6. In the Redirect URIS section, enter your ThingWorx server redirect URI. It takes the form http://<myserver>:<myport>/Thingworx/oauth2_authorization_code_redirect or https://<myserver>:<myport>/Thingworx/oauth2_authorization_code_redirect, where <myserver> is the FQDN of your ThingWorx server.
• If you have configured ThingWorx to operate in a High Availability (HA) environment, specify this value as http://<Load balancer server>:<Load balancer port>/Thingworx/oauth2_authorization_code_redirect.
• If you have installed ThingWorx Flow on a ThingWorx instance that you are configuring for SSO, specify this value as https://<ThingWorx Flow Nginx host-name>:<ThingWorx Flow Nginx port-number>/Thingworx/oauth2_authorization_code_redirect.
• If ThingWorx Flow is using an OAuth connector, for example, Windchill as a resource server or ThingWorx as a resource server, then you must also provide the OAuth redirect URI as https://<ThingWorx Flow Nginx host-name>:<ThingWorx Flow Nginx port-number>/Thingworx/Oauths/oauth/return.
7. In the Allow Grant Types section, select Refresh Token, Authorization Code, and Access Token Validation (Client is a Resource Server).
8. In the Persistent Grants Expiration section, select Grants Do Not Expire.
9. In the Refresh Token Rolling Policy setting, select Roll.
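A check you can run over the redirect URIs from step 6 before registering them, given here as an added example (it is not PTC or Ping Identity code). The function names, the individual checks and the sample hosts are assumptions made for illustration; the two accepted paths are the ones listed in step 6.

```python
import ipaddress
from urllib.parse import urlsplit

# Redirect paths named in step 6 of this procedure.
ALLOWED_PATHS = {
    "/Thingworx/oauth2_authorization_code_redirect",
    "/Thingworx/Oauths/oauth/return",
}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_redirect_uri(uri):
    """Return a list of findings for one redirect URI (empty list = clean)."""
    findings = []
    if "*" in uri:
        findings.append("wildcard: register exact URIs only")
    parts = urlsplit(uri)
    if parts.scheme == "http":
        findings.append("http: authorization code crosses the network in cleartext")
    elif parts.scheme != "https":
        findings.append("scheme: expected http or https")
    host = parts.hostname or ""
    if not host or _is_ip(host) or "." not in host:
        findings.append("host: not a fully qualified domain name")
    if parts.path not in ALLOWED_PATHS:
        findings.append("path: not a ThingWorx redirect endpoint from step 6")
    if parts.query or parts.fragment:
        findings.append("extra: query string or fragment present")
    return findings

def audit(uris):
    """Map each URI to its findings."""
    return {u: check_redirect_uri(u) for u in uris}

# Constructed sample values, not taken from any real deployment.
SAMPLE = [
    "https://twx.example.com:8443/Thingworx/oauth2_authorization_code_redirect",
    "https://flow.example.com/Thingworx/Oauths/oauth/return",
    "http://twxhost:8080/Thingworx/oauth2_authorization_code_redirect",
    "https://*.example.com/Thingworx/*",
]

if __name__ == "__main__":
    for uri, findings in audit(SAMPLE).items():
        print(uri, "->", findings or "ok")
```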