Configuring and Loading OAuths
Before you create an OAuth connector for any third-party service or utility, you must load its OAuth provider to the ThingWorx Flow server. The sample OAuth configuration JSON file template is available in the oauthConfigurations parameter of the LoadOAuthConfiguration service in ThingWorx Composer. The following is a high-level overview of the process of loading OAuths:
1. Create an application on the third-party system.
2. Retrieve the client ID-client secret pair from the application, and add it to the sample OAuth configuration JSON file. Add values of any additional parameters that are required for the OAuth configuration.
To remove OAuth settings for any third-party service or utility, you need to remove its entire JSON object. For example, to remove the OAuth settings for Gmail, remove the following JSON object:
"google_gmail": {
"Gmail": {
"CLIENT_ID": "<Client ID>"
"CLIENT_SECRET": "<Secret>"
}
},
"Gmail": {
"CLIENT_ID": "<Client ID>"
"CLIENT_SECRET": "<Secret>"
}
},
If you have removed a JSON object for any third-party service or utility, and want to add its OAuth settings later, add the JSON code snippet from the sample OAuth configuration JSON file template, and provide required values for OAuth configuration.
 |
The sample configuration file contains connector configuration values that represent the third-party service or utility. For example, for Gmail, do not modify google_gmail in the JSON object. To add multiple OAuth providers for Gmail, for example, Gmail-1 and Gmail-2, add the following JSON object to the sample file:
{
"google_gmail": { "Gmail-1": { "CLIENT_ID": "<client id for Gmail - 1 account here>", "CLIENT_SECRET": "<client secret for Gmail - 1 account here>" }, "Gmail-2": { "CLIENT_ID": "<client id for Gmail - 2 account here>", "CLIENT_SECRET": "<client secret for Gmail - 2 account here>" } } } |
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
The following table provides the services and utilities for which ThingWorx Flow supports OAuth and their respective connector configuration values:
|
Service or Utility
|
Connector Configuration Value
|
|---|---|
|
azure
|
|
|
bitly
|
|
|
box
|
|
|
dropbox
|
|
|
dynamics365
|
|
|
excel
|
|
|
github
|
|
|
google_gmail
|
|
|
google_drive
|
|
|
google_form
|
|
|
google_sheet
|
|
|
google_task
|
|
|
google_translator
|
|
|
integrity
|
|
|
odata
|
|
|
microsoft_365
|
|
|
onedrive
|
|
|
salesforce
|
|
|
servicemax
|
|
|
slack
|
|
|
soap
|
|
|
swagger
|
|
|
trello
|
|
|
windchill
|
|
|
youtube
|
|
|
zendesk
|
Configuring and Loading OAuths for Services and Utilities
Azure
Perform the following steps every time you want to add an OAuth provider for an Azure application:
1. Create an Azure application.
While creating the application, set appropriate values of the following parameters:
▪ API Permissions—Azure Service Management.
▪ Redirect URI—Enter ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
2. To add an OAuth provider for Azure, provide the following values in the OAuth configuration JSON file:
|
Parameter
|
Description
|
Value
|
|---|---|---|
|
CLIENT_ID
|
Specifies the client identifier to use for validation access tokens from the authorization server.
|
Retrieve the value from your Azure application.
|
|
CLIENT_SECRET
|
Client secret value.
|
Retrieve the value from your Azure application.
|
"azure": {
"Azure": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Azure": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Bitly
Perform the following steps every time you want to add an OAuth provider for a Bitly app:
1. Create a Bitly app.
While creating the app, set the Redirect URI to a ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
2. To add an OAuth provider for Bitly, provide the following values in the OAuth configuration JSON file:
|
Parameter
|
Description
|
Value
|
|---|---|---|
|
CLIENT_ID
|
Specifies the client identifier to use for validation access tokens from the authorization server.
|
Retrieve the value from your Bitly app.
|
|
CLIENT_SECRET
|
Client secret value.
|
Retrieve the value from your Bitly app.
|
"bitly": {
"Bitly": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Bitly": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Box
Perform the following steps every time you want to add an OAuth provider for a Box app:
1. Create a Box app.
While creating the app, set appropriate values of the following parameters:
▪ Application Scopes—Select all scopes.
▪ Redirect URI—Enter ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
The following video demonstrates the steps required to enable OAuth configuration for Box:
2. To add an OAuth provider for Box, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Box app. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Box app. |
"box": {
"Box": {
"CLIENT_SECRET": "client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Box": {
"CLIENT_SECRET": "client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Dropbox
Perform the following steps every time you want to add an OAuth provider for a Dropbox app:
While creating the app, set appropriate values for the following parameters:
▪ API—Select Dropbox API.
▪ Type of access—Full Dropbox.
▪ Redirect URI—Enter ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
2. To add an OAuth provider for Dropbox, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Dropbox app. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Dropbox app. |
"dropbox": {
"Dropbox": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Dropbox": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Dynamics 365 CRM
Perform the following steps every time you want to add an OAuth provider for a Dynamics 365 CRM application:
1. Create an Azure Active Directory application.
While creating the app, set the Redirect URI to a ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
2. To add an OAuth provider for Dynamics 365 CRM, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Azure application. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Azure application. |
"dynamics365": {
"Dynamics365": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Dynamics365": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Excel Online, Office 365, OneDrive
Perform the following steps every time you want to add an OAuth provider for an Excel Online, Office 365, or OneDrive application:
1. Create an Azure application.
While creating the application, set appropriate values of the following parameters:
▪ API Permissions—Azure Service Management.
▪ Redirect URI—Enter ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
2. To add an OAuth provider for Excel Online, Office 365, or OneDrive, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Azure application. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Azure application. |
Excel Online "excel": { "Excel Online": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } | Office 365 "microsoft_365": { "Office 365": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } | OneDrive "onedrive": { "OneDrive": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } |
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Github
Perform the following steps every time you want to add an OAuth provider for a GitHub app:
1. Create a Github OAuth app.
While creating the app, set the Authorization callback URL to a ThingWorx Flow return URL in the https://<HostName:Port>/Thingworx/Oauths/oauth/return format.
2. To add an OAuth provider for Github, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Github app. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Github app. |
"github": {
"Github": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Github": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Gmail, Google Drive, Google Forms, Google Sheets, Google Tasks, Google Translator, YouTube
Perform the following steps every time you want to add an OAuth provider for a Google app:
While creating the app, provide the redirect URI as a ThingWorx Flow return URL, such as https://<HostName:Port>/Thingworx/Oauths/oauth/return.
2. To add an OAuth provider for your Google app, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Google app. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Google app. |
Gmail "google_gmail": { "Gmail": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } | Google Drive "google_drive": { "Google Drive": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } |
Google Form "google_form": { "Google Form": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } | Google Sheet "google_sheet": { "Google Sheet": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } |
Google Task "google_task": { "Google Tasks": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } | Google Translator "google_translator": { "Google Translator": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } |
Youtube "youtube": { "Youtube": { "CLIENT_SECRET": "<client secret here>", "CLIENT_ID": "<client id here>" } } |
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Integrity Lifecycle Manager
Perform the following steps every time you want to add an OAuth provider for an Integrity Lifecycle Manager server:
2. To add an OAuth provider for Integrity Lifecycle Manager, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your PingFederate OAuth client. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your PingFederate OAuth client. |
BASE_URL | Specifies PingFederate OAuth URL. | https://<Pingfederate FQDN>:<Port>/as |
"integrity": {
"integrity": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>",
"base_url": "<base url here>"
}
}
"integrity": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>",
"base_url": "<base url here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
OData
Perform the following steps every time you want to add an OAuth provider for your OData instance:
1. Configure OAuth on your OData instance.
2. As per your OAuth configuration, provide values in the OAuth configuration JSON file. Refer sample config.json. The following are example values that you might provide for loading OAuths:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your OAuth application. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your OAuth application. |
VALIDATE_URL | Specifies the URL used to validate the access token. | Retrieve the value from your OAuth client. |
REFRESH_URL | Specifies the URL to be used to obtain access tokens. | Retrieve the value from your OAuth client. |
TOKEN_URL | Provides the access token. | Retrieve the value from your OAuth client. |
AUTH_URL | Specifies the OAuth endpoint for token requests. | Retrieve the value from your OAuth client. |
{
"name": "odata",
"created_at": "2017-02-27T09:26:46.890Z",
"updated_at": "2017-02-27T09:26:46.890Z",
"uid": "oaufe1978bc9e71d999ef2ba4",
"icon": "odata",
"version": "v1",
"__v": 0,
"title": "Dynamics 365",
"oauth2_include": [
"{\"resource\":\"{resource}\"}"
],
"oauth2_required": [
{
"title": "Tenant ID",
"id": "tenant",
"default": "common",
"description": "Enter Dynamics 365 tenant id, leave it common if you don't have it"
},
{
"title": "Resource URL",
"id": "resource",
"description": "Enter Dynamics 365 resource URL, eg: https://example.crm5.dynamics.com"
}
],
"oauth2_params_scope": [
"{\"user_impersonation\":\"User Impersonation\"}"
],
"oauth2_refresh_data": [
"{\"client_secret\":\"{client_secret}\"}",
"{\"grant_type\":\"refresh_token\"}",
"{\"client_id\":\"{client_id}\"}",
"{\"resource\":\"{resource}\"}",
"{\"refresh_token\":\"{refresh_token}\"}"
],
"oauth2_refresh_url": "/token",
"oauth2_token_data": [
"{\"redirect_uri\":\"{redirect_uri}\"}",
"{\"client_id\":\"{client_id}\"}",
"{\"client_secret\":\"{client_secret}\"}",
"{\"resource\":\"{resource}\"}",
"{\"grant_type\":\"authorization_code\"}"
],
"oauth2_token_url": "/token",
"oauth2_auth_query": [
"{\"client_id\":\"{client_id}\"}",
"{\"response_type\":\"code\"}",
"{\"resource\":\"{resource}\"}",
"{\"scope\":\"{scope}\"}",
"{\"prompt\":\"login\"}",
"{\"redirect_uri\":\"{redirect_uri}\"}"
],
"oauth2_auth_url": "/authorize",
"oauth2_no_state": false,
"env_pre_prod_params": [
"{\"client_id\":\"{{{pre_prod.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{pre_prod.CLIENT_SECRET}}}\"}",
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}"
],
"env_production_params": [
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}",
"{\"client_id\":\"{{{production.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{production.CLIENT_SECRET}}}\"}"
],
"env_staging_params": [
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}",
"{\"client_id\":\"{{{staging.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{staging.CLIENT_SECRET}}}\"}"
],
"env_development_params": [
"{\"client_id\":\"{{{development.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{development.CLIENT_SECRET}}}\"}",
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}"
],
"env_local_params": [
"{\"client_id\":\"{{{local.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{local.CLIENT_SECRET}}}\"}",
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}"
],
"base_url": "https://login.microsoftonline.com/{tenant}/oauth2",
"oauth_type": "OAuth2",
"development_phase": "new",
"advanced_enabled": true,
"express_enabled": true,
"deleted_at": null,
"published": true
}
"name": "odata",
"created_at": "2017-02-27T09:26:46.890Z",
"updated_at": "2017-02-27T09:26:46.890Z",
"uid": "oaufe1978bc9e71d999ef2ba4",
"icon": "odata",
"version": "v1",
"__v": 0,
"title": "Dynamics 365",
"oauth2_include": [
"{\"resource\":\"{resource}\"}"
],
"oauth2_required": [
{
"title": "Tenant ID",
"id": "tenant",
"default": "common",
"description": "Enter Dynamics 365 tenant id, leave it common if you don't have it"
},
{
"title": "Resource URL",
"id": "resource",
"description": "Enter Dynamics 365 resource URL, eg: https://example.crm5.dynamics.com"
}
],
"oauth2_params_scope": [
"{\"user_impersonation\":\"User Impersonation\"}"
],
"oauth2_refresh_data": [
"{\"client_secret\":\"{client_secret}\"}",
"{\"grant_type\":\"refresh_token\"}",
"{\"client_id\":\"{client_id}\"}",
"{\"resource\":\"{resource}\"}",
"{\"refresh_token\":\"{refresh_token}\"}"
],
"oauth2_refresh_url": "/token",
"oauth2_token_data": [
"{\"redirect_uri\":\"{redirect_uri}\"}",
"{\"client_id\":\"{client_id}\"}",
"{\"client_secret\":\"{client_secret}\"}",
"{\"resource\":\"{resource}\"}",
"{\"grant_type\":\"authorization_code\"}"
],
"oauth2_token_url": "/token",
"oauth2_auth_query": [
"{\"client_id\":\"{client_id}\"}",
"{\"response_type\":\"code\"}",
"{\"resource\":\"{resource}\"}",
"{\"scope\":\"{scope}\"}",
"{\"prompt\":\"login\"}",
"{\"redirect_uri\":\"{redirect_uri}\"}"
],
"oauth2_auth_url": "/authorize",
"oauth2_no_state": false,
"env_pre_prod_params": [
"{\"client_id\":\"{{{pre_prod.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{pre_prod.CLIENT_SECRET}}}\"}",
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}"
],
"env_production_params": [
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}",
"{\"client_id\":\"{{{production.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{production.CLIENT_SECRET}}}\"}"
],
"env_staging_params": [
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}",
"{\"client_id\":\"{{{staging.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{staging.CLIENT_SECRET}}}\"}"
],
"env_development_params": [
"{\"client_id\":\"{{{development.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{development.CLIENT_SECRET}}}\"}",
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}"
],
"env_local_params": [
"{\"client_id\":\"{{{local.CLIENT_ID}}}\"}",
"{\"client_secret\":\"{{{local.CLIENT_SECRET}}}\"}",
"{\"redirect_uri\":\"{OAUTH_ENDPOINT_OAUTH_RETURN}\"}"
],
"base_url": "https://login.microsoftonline.com/{tenant}/oauth2",
"oauth_type": "OAuth2",
"development_phase": "new",
"advanced_enabled": true,
"express_enabled": true,
"deleted_at": null,
"published": true
}
▪ Provide header information in the "oauth2_validate_headers" array, as shown in the sample array:
{
"oauth2_validate_headers": [
"{\"Authorization\":\"Bearer {access_token}\"}",
"{\"Content-Type\":\"application/json\"}"
]
}
"oauth2_validate_headers": [
"{\"Authorization\":\"Bearer {access_token}\"}",
"{\"Content-Type\":\"application/json\"}"
]
}
▪ Provide scope information in the "oauth2_params_scope" array, as shown in the sample array:
{
"oauth2_params_scope": [
"{\"READ\":\"READ_PRIVILEGES\"}"
]
}
"oauth2_params_scope": [
"{\"READ\":\"READ_PRIVILEGES\"}"
]
}
▪ Provide need URL information in "oauth2_params_other" array, as shown in the sample array:
{
"oauth2_params_other": [
"{\"needurl\":\"true\"}"
]
}
"oauth2_params_other": [
"{\"needurl\":\"true\"}"
]
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
SOAP
Perform the following steps every time you want to add an OAuth provider for your SOAP instance:
1. Configure OAuth on your SOAP instance.
2. As per your OAuth configuration, provide values in the OAuth configuration JSON file. Refer sample config.json. The following are example values that you might provide for loading OAuths:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your OAuth application. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your OAuth application. |
VALIDATE_URL | Specifies the URL used to validate the access token. | Retrieve the value from your OAuth client. |
REFRESH_URL | Specifies the URL to be used to obtain access tokens. | Retrieve the value from your OAuth client. |
TOKEN_URL | Provides the access token. | Retrieve the value from your OAuth client. |
AUTH_URL | Specifies the OAuth endpoint for token requests. | Retrieve the value from your OAuth client. |
▪ Provide header information in the "oauth2_validate_headers" array, as shown in the sample array:
{
"oauth2_validate_headers": [
"{\"Authorization\":\"Bearer {access_token}\"}",
"{\"Content-Type\":\"application/json\"}"
]
}
"oauth2_validate_headers": [
"{\"Authorization\":\"Bearer {access_token}\"}",
"{\"Content-Type\":\"application/json\"}"
]
}
▪ Provide scope information in the "oauth2_params_scope" array, as shown in the sample array:
{
"oauth2_params_scope": [
"{\"READ\":\"READ_PRIVILEGES\"}"
]
}
"oauth2_params_scope": [
"{\"READ\":\"READ_PRIVILEGES\"}"
]
}
▪ Provide need URL information in "oauth2_params_other" array, as shown in the sample array:
{
"oauth2_params_other": [
"{\"needurl\":\"true\"}"
]
}
"oauth2_params_other": [
"{\"needurl\":\"true\"}"
]
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Salesforce
Perform the following steps every time you want to add an OAuth provider for a Salesforce App:
1. Create a Salesforce App.
While creating the application, set appropriate values of the following parameters:
▪ Scopes—Provide appropriate scopes to the App.
▪ Callback URL—Enter ThingWorx Flow return URL, such as https://<HostName:Port>/Thingworx/Oauths/oauth/return.
2. To add an OAuth provider for Salesforce, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Salesforce App. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Salesforce App. |
"salesforce": {
"Salesforce": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Salesforce": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
The following video demonstrates the steps required to enable OAuth configuration for Salesforce:
ServiceMax
Perform the following steps every time you want to add an OAuth provider for a ServiceMax App:
While creating the application, set appropriate values of the following parameters:
▪ Scopes—Provide appropriate scopes to the App.
▪ Callback URL—Enter ThingWorx Flow return URL, such as https://<HostName:Port>/Thingworx/Oauths/oauth/return.
2. To add an OAuth provider for Servicemax, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Servicemax App. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Servicemax App. |
"servicemax": {
"Servicemax": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Servicemax": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Slack
Perform the following steps every time you want to add an OAuth provider for a Slack App:
1. Create your Slack App.
While creating the application, set appropriate values of the following parameters:
▪ Scopes—Provide appropriate scopes to the App.
▪ Redirect URL—Enter ThingWorx Flow return URL, such as https://<HostName:Port>/Thingworx/Oauths/oauth/return.
2. To add an OAuth provider for Slack, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Slack App. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Slack App. |
"slack": {
"Slack": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Slack": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Swagger
Perform the following steps every time you want to add an OAuth provider for your Swagger instance:
1. Configure OAuth on your Swagger instance.
2. As per your OAuth configuration, provide values in the OAuth configuration JSON file. Refer sample config.json. The following are example values that you might provide for loading OAuths:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your OAuth application. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your OAuth application. |
VALIDATE_URL | Specifies the URL used to validate the access token. | Retrieve the value from your OAuth client. |
REFRESH_URL | Specifies the URL to be used to obtain access tokens. | Retrieve the value from your OAuth client. |
TOKEN_URL | Provides the access token. | Retrieve the value from your OAuth client. |
AUTH_URL | Specifies the OAuth endpoint for token requests. | Retrieve the value from your OAuth client. |
▪ Provide header information in the "oauth2_validate_headers" array, as shown in the sample array:
{
"oauth2_validate_headers": [
"{\"Authorization\":\"Bearer {access_token}\"}",
"{\"Content-Type\":\"application/json\"}"
]
}
"oauth2_validate_headers": [
"{\"Authorization\":\"Bearer {access_token}\"}",
"{\"Content-Type\":\"application/json\"}"
]
}
▪ Provide scope information in the "oauth2_params_scope" array, as shown in the sample array:
{
"oauth2_params_scope": [
"{\"READ\":\"READ_PRIVILEGES\"}"
]
}
"oauth2_params_scope": [
"{\"READ\":\"READ_PRIVILEGES\"}"
]
}
▪ Provide need URL information in "oauth2_params_other" array, as shown in the sample array:
{
"oauth2_params_other": [
"{\"needurl\":\"true\"}"
]
}
"oauth2_params_other": [
"{\"needurl\":\"true\"}"
]
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Trello
Perform the following steps every time you want to add an OAuth provider for a Trello account:
In the settings, set appropriate values of the following parameter:
▪ Redirect URL—Enter ThingWorx Flow return URL under Allowed Origins, such as https://<HostName:Port>/Thingworx/Oauths/oauth/return.
2. To add an OAuth provider for Trello, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CONSUMER_KEY | Specifies the consumer key to use for validation access tokens from the authorization server. | Retrieve the value from Trello developer API keys. |
CONSUMER_SECRET | Consumer secret value. | Retrieve the value from Trello developer API keys. |
"trello": {
"Trello": {
"CONSUMER_SECRET": "<client secret here>",
"CONSUMER_KEY": "<client id here>"
}
}
"Trello": {
"CONSUMER_SECRET": "<client secret here>",
"CONSUMER_KEY": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Windchill
Perform the following steps every time you want to add an OAuth provider for a Windchill server:
2. To add an OAuth provider for Windchill, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your PingFederate OAuth client. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your PingFederate OAuth client. |
BASE_URL | Specifies PingFederate OAuth URL. | https://<Pingfederate FQDN>:<Port>/as |
PF_IDP_ADAPTER_ID | Optional. Specifies the PingFederate IdP adapter ID from your configuration. Specify only if you have multiple IdP adapters in PingFederate. | PingFederateAdapterID |
RESOURCE_URL | Optional. Specifies the Windchill URL. It is recommended to provide RESOURCE_URL while configuring OAuth. If you do not specify the RESOURCE_URL, then the user must provide it while adding an OAuth connector. | <protocol>://<Windchill FQDN>:<Port>/Windchill |
"windchill": {
"Windchill": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>",
"base_url": "<base url here>"
}
}
"Windchill": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>",
"base_url": "<base url here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Zendesk
Perform the following steps every time you want to add an OAuth provider for a Zendesk app:
1. Create your Zendesk app.
While creating the application, set appropriate values of the following parameters:
▪ Scopes—Provide appropriate scopes to the App.
▪ Redirect URL—Enter ThingWorx Flow return URL, such as https://<HostName:Port>/Thingworx/Oauths/oauth/return.
The following video demonstrates the steps required to enable OAuth configuration for Zendesk:
2. To add an OAuth provider for Zendesk, provide the following values in the OAuth configuration JSON file:
Parameter | Description | Value |
|---|---|---|
CLIENT_ID | Specifies the client identifier to use for validation access tokens from the authorization server. | Retrieve the value from your Zendesk App. |
CLIENT_SECRET | Client secret value. | Retrieve the value from your Zendesk App. |
"zendesk": {
"Zendesk": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
"Zendesk": {
"CLIENT_SECRET": "<client secret here>",
"CLIENT_ID": "<client id here>"
}
}
3. Execute the LoadOAuthConfiguration service from ThingWorx Composer to load the OAuth provider to the ThingWorx Flow server.
Troubleshooting
Scenario | Solution | ||
|---|---|---|---|
You cannot add an OAuth provider, if an OAuth connector is using an existing OAuth provider with the same name.
| • Add a unique OAuth provider name, and then load the OAuth configuration. For example, if Gmail-1 exists in the OAuth configuration, then add Gmail-2 to the OAuth configuration JSON file as shown in the following example code: { "google_gmail": { "Gmail-1": { "CLIENT_ID": "<client id for Gmail - 1 account here>", "CLIENT_SECRET": "<client secret for Gmail - 1 account here>" }, "Gmail-2": { "CLIENT_ID": "<client id for Gmail - 2 account here>", "CLIENT_SECRET": "<client secret for Gmail - 2 account here>" } } } OR • Delete any connectors that use the existing OAuth provider, upload the OAuth provider again, and then restart the OAuth service. Complete the following steps to restart the OAuth service: 1. On the system where ThingWorx Flow is installed, start Command Prompt as Administrator. 2. Run the pm2 ls command to obtain the OAuth service number. 3. Run the pm2 restart <OAuth_service_number> command to restart the OAuth server. OR On the system where ThingWorx Flow is installed, start Command Prompt as Administrator, and run the pm2 restart flow-oauth-server command to restart the OAuth server. |