Creating OAuth Client Connection for ThingWorx
This client is a connection point for PingFederate to provide access tokens to ThingWorx. ThingWorx then uses these access tokens to request OAuth-protected resources from resource servers. To create and configure an OAuth Client for ThingWorx as a service provider, complete the following steps:
1. On the Applications page, locate the OAuth Clients section and click Add Client.
2. Enter a Client ID. This will be used as the AuthorizationServerSettings.<AuthServerId>.clientId setting when configuring the ThingWorx platform-settings.json file.
3. Select Client Secret, select the CHANGE SECRET checkbox, and enter a client secret value in the CLIENT SECRET field. Make a note of this value because it will be used in the AuthorizationServerSettings.<AuthServerId>.clientSecret setting when configuring the ThingWorx platform-settings.json file.
4. In the Name field, enter a descriptive value. This is displayed in the PingFederate Clients list.
5. Enter a Description.
8. In the Redirect URIS section, enter your ThingWorx server redirect URI and click Add. The value takes the form http://<myserver>:<myport>/Thingworx/oauth2_authorization_code_redirect or https://<myserver>:<myport>/Thingworx/oauth2_authorization_code_redirect, where <myserver> is the FQDN of your ThingWorx server.
• If you have configured ThingWorx to operate in a High Availability (HA) environment, specify this value as http://<Load balancer server>:<Load balancer port>/Thingworx/oauth2_authorization_code_redirect.
• If you have installed ThingWorx Flow on a ThingWorx instance that you are configuring for SSO, specify this value as https://<ThingWorx Flow Nginx host-name>:<ThingWorx Flow Nginx port-number>/Thingworx/oauth2_authorization_code_redirect.
• If ThingWorx Flow is using an OAuth connector, for example, Windchill as a resource server or ThingWorx as a resource server, then you must also provide the OAuth redirect URI as https://<ThingWorx Flow Nginx host-name>:<ThingWorx Flow Nginx port-number>/Thingworx/Oauths/oauth/return.
7. In the Allow Grant Types section, select Refresh Token, Authorization Code, Client Credentials (required for OAuth M2M), and Access Token Validation (Client is a Resource Server).
8. In the Persistent Grants MAX LIFETIME section, select Grants Do Not Expire.
9. In the Refresh Token Rolling Policy setting, select Roll.
10. Click Save to save the client.
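A pre-deployment check for the redirect URIs registered in step 6, added here as an example and not part of PTC's or PingFederate's own tooling. It assumes the two ThingWorx return paths named above are fixed strings and that PingFederate matches registered redirect URIs exactly; the hostnames in the sample set are constructed.

```python
from urllib.parse import urlsplit

# The two ThingWorx return paths named in the steps above (assumed fixed).
ALLOWED_PATHS = {
    "/Thingworx/oauth2_authorization_code_redirect",  # SSO authorization-code return
    "/Thingworx/Oauths/oauth/return",                 # ThingWorx Flow OAuth connector return
}


def check_redirect_uri(uri: str) -> dict:
    """Validate one redirect URI entry against the registration rules above.

    Returns {"ok": bool, "problems": [...], "warnings": [...]} so a reviewer
    can see which rule a bad entry violates.
    """
    problems, warnings = [], []
    if "<" in uri or ">" in uri:
        return {"ok": False, "problems": ["placeholder brackets left in URI"], "warnings": []}
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https"):
        problems.append(f"unsupported scheme '{parts.scheme}'")
    elif parts.scheme == "http":
        # Allowed by the procedure, but the authorization code then travels in cleartext.
        warnings.append("http redirect: authorization code is sent without TLS")
    host = parts.hostname or ""
    if not host:
        problems.append("missing host")
    elif "." not in host or host == "localhost":
        problems.append(f"host '{host}' is not an FQDN")
    if parts.path not in ALLOWED_PATHS:
        problems.append(f"path '{parts.path}' is not a ThingWorx redirect endpoint")
    if parts.query or parts.fragment:
        problems.append("query or fragment present; registered URIs must match exactly")
    return {"ok": not problems, "problems": problems, "warnings": warnings}


def check_client_redirects(uris: list) -> bool:
    """All entries must pass and at least one must be the SSO authorization-code return."""
    results = [check_redirect_uri(u) for u in uris]
    has_sso = any(urlsplit(u).path == "/Thingworx/oauth2_authorization_code_redirect" for u in uris)
    return has_sso and all(r["ok"] for r in results)


if __name__ == "__main__":
    sample = [  # constructed sample registration
        "https://twx.example.com:8443/Thingworx/oauth2_authorization_code_redirect",
        "https://flow.example.com:443/Thingworx/Oauths/oauth/return",
    ]
    for u in sample:
        print(u, check_redirect_uri(u))
    print("client ok:", check_client_redirects(sample))
```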