Connected System with Client Credential Grant

RE: Connected System with Client Credential Grant

venkatesanr1106 — Fri, 06 Dec 2024 15:36:08 GMT

Thanks Mathieu , it would be if you could explain more abt the solution what you are refering here how do we create such in Appian , I thought it is generally usage for CS to use the client credentials grant with regular refresh , is there any existing bug in the system or something else , whether this error is invalid code generated or Appian not handling this responds properly and generate new refresh token , pls advise .

RE: Connected System with Client Credential Grant

Mathieu Drouin — Thu, 05 Dec 2024 22:41:42 GMT

You'll probably need a custom CS for this. Standard HTTPS connected system doesn't support refresh tokens AFAIK.

RE: Connected System with Client Credential Grant

venkatesanr1106 — Thu, 05 Dec 2024 17:40:00 GMT

Is there any solution for this while using client credentials grant after few hours it looks to me it says request rejected with 200 success message , after authorise it works well and then if it is not used for some time similar things repeat , if it returns 200 will it get new token if not what is the best way to authorise it again automatically and fix this

RE: Connected System with Client Credential Grant

Anon — Mon, 14 Jun 2021 19:49:08 GMT

Its Sharepoint. Yes. I am not using the existing connected systems as the APIs available with the existing Connected System is bit different. I can certainly search for the Sharepoint Connected System. eventually I want to try integration with outlook Calendar as well. All of them follow Microsoft Auth Flow.

RE: Connected System with Client Credential Grant

Stefan Helzle — Mon, 14 Jun 2021 16:12:36 GMT

You are talking to sharepoint. I think there where some discussions lately about an extra configuration step on sharepoint side. Did you find/try that?

RE: Connected System with Client Credential Grant

Anon — Mon, 14 Jun 2021 15:05:20 GMT

I will share some screenshots . In my case the authorization is successful . when I am using it in an integration its throwing Unauthorized error 401. I have separately tested it by manually passing the bearer token. If the token is missing it gets 401 and if the token si wrong it gets 403 error . what's the best way to troubleshoot

RE: Connected System with Client Credential Grant

Meelis Kiisk — Mon, 14 Jun 2021 14:41:33 GMT

Just use the connected system in the integration call and Appian will automatically take care of the Authorization Bearer token for you during the integration call!

RE: Connected System with Client Credential Grant

Stefan Helzle — Mon, 14 Jun 2021 14:03:31 GMT

Appian should do that automatically. This is why you define authentication in a separate object. The integration just uses that config.

docs.appian.com/.../oauth_client_credentials.html

RE: Connected System with Client Credential Grant

Anon — Mon, 14 Jun 2021 13:39:14 GMT

Hi Stefan,

Have you built a Connected system from scratch. I am trying to build one using client credentials ( OAuth2 flows) to retrieve the token. I was able to authorize successfully by passing client credentials, secret, etc . Now, I need to use this connected system to make subsequent API calls. The token needs to be sent as bearer token in the header. I am not sure how do I pass the token value. In fact I don;t even know where is Appian storing it. The documentations on Appian connected systems doesn't specific anything on this

RE: Connected System with Client Credential Grant

Stefan Helzle — Mon, 14 Jun 2021 12:54:57 GMT

By any chance, do they try to do SAML on their end? SAML is meant to work between browser and web server and uses javascript to do browser redirection.

RE: Connected System with Client Credential Grant

Meelis Kiisk — Mon, 14 Jun 2021 12:41:15 GMT

Stefan,

I agree - thank you for confirming my assumptions here, since my oAuth knowledge is limited, but I did read the spec and it does seem that we should retrieve 401/403 error back from the API, which would prompt Appian to auto-renew the JWT (authorization bearer) token

This is for a new integration with SAP...

RE: Connected System with Client Credential Grant

Stefan Helzle — Mon, 14 Jun 2021 09:10:48 GMT

I think a server returning a 200 code in case it cannot authenticate the user is just wrong and violates the HTTP protocol. I mean, we are talking about APIs here. How is the chance that a user is hitting the API endpoint with a browser?

RE: Connected System with Client Credential Grant

aksharc — Mon, 14 Jun 2021 07:50:48 GMT

No. For now, what I did is to create a process model which fetches the token every few hours and save it on the constant. I raised an enhancement request as well with Appian.

We have internal OData API servers which uses OAuth authentication!

RE: Connected System with Client Credential Grant

Meelis Kiisk — Fri, 11 Jun 2021 09:57:59 GMT

This was a while back - have you been able to find a solution?

Seeing a similar thing in one of the integrations - if I were to guess - when we call the resource server, then Appian expects a 401/403 response from the integration call, but most likely the resource server API returns another code, e.g. 200 (success) code with an HTML page trying to redirect to authorize. The issue with this would be that this does not prompt Appian to retrieve a new Bearer access token from the Authorization server

RFC 6749 https://www.rfc-editor.org/rfc/rfc6749.txt section 1.5 covers Refreshing an Expired Access Token

Just curious - what system are you connecting to?