How to get access token generated from OAuth 2.0 configured in Appian

Certified Senior Developer

Hi All

Please suggest some ideas on how I can externally/manually capture the access token generated from OAuth 2.0 in Appian.

As of now it is managing to pass tokens directly from connected system to integration.

One link is already there in Appian suggesting capturing the access token code, but I don't know where to write this code. The link is given below:

docs.appian.com/.../working-with-oauth-2-0.html


  • 0
    Certified Lead Developer

    The idea of that connected system is, that it manages that token for you. What do you want to achieve?

  • 0
    Certified Senior Developer
    in reply to Stefan Helzle

    Hi Stefan,

    There is an application authorized using OAuth2.0 configuration with some other technology React JS,

    It is passing the token for calling the integration/apis using the same token,

    requirement is to generate the access token from same OAuth2.0 and pass this token to that application, so that they can continue

    For this above requirement, we need to capture access token generated from this connected system configured in Appian,

    How can I get this access token? I am able to authenticate but not able to capture the token. It's not like calling an integration in Appian, where the connected system can directly pass this token to that integration.

    I need to get the token from OAuth 2.0 after it authenticates successfully.

    Thanks

  • 0
    Certified Lead Developer
    in reply to shreekrishnat0001

    Appian does not support manual token management when using connected systems.

    Besides security concerns by passing active tokens to other systems, you can implement the OAuth mechanism yourself by using the JWT plugins.

  • 0
    Certified Senior Developer
    in reply to Stefan Helzle

    Hi Stefan,

    Thanks for your prompt response.

    I did not find any documentation stating that it's not possible to get the access token, and this could be helpful for me, and I can see I can read the token generated using Postman.

    Please pardon me for this kind of request, I just wanted to be sure before presenting this to business.

    Thanks,

  • 0
    Certified Lead Developer
    in reply to shreekrishnat0001

    I did not find any documentation stating that the OAuth token would be exposed.

    Appian tries to provide a platform that is secure by design. As managing security tokens is a very sensitive area, I appreciate the design decision to not expose tokens.

  • 0
    Certified Lead Developer

    You typically don't want to expose access tokens since they could be used to call the integration on your behalf if they were leaked.

  • 0
    Certified Senior Developer
    in reply to Mathieu Drouin

    Hi Mathieu,

    Thanks for your response.

    I think tokens can be tracked even through network monitoring of any request from the browser. The thing is how the source is verifying the token generating digital signature.

    I have a requirement like this to capture the token and need to pass it manually.

    So, my question is how I can get this token after generating it from the OAuth 2.0 configuration.

    Hope you understand the business requirement.

  • 0
    Certified Associate Developer

    To capture and manually pass an OAuth 2.0 access token from Appian for use in another application, despite Appian's design to not expose such tokens directly, you can follow this workaround:

    1. External OAuth Flow Execution: Execute the OAuth 2.0 flow externally using a tool like Postman or a custom script. This involves directly interacting with the OAuth provider's endpoints to authenticate and obtain the access token.

    2. Manual Token Management: Once you have the access token, manage it manually outside of Appian. This could involve storing the token securely and making it accessible to your other applications as needed.

    3. Secure Token Sharing: Implement a secure method to pass the token to your application, ensuring that the token is transmitted securely (e.g., over HTTPS) and only accessible to authorized parties.

    Note:

    This solution requires handling the OAuth process and token management manually, outside of Appian's built-in features, due to Appian's secure design philosophy which does not support exposing access tokens directly.
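
The three steps in the answer above, sketched as an added example that is not part of the thread and not Appian code: a small broker that requests the token outside Appian, holds it in memory only, refreshes it before expiry, keeps it out of logs, and refuses non-HTTPS endpoints. It assumes the client-credentials grant (the thread does not say which grant is in use); `TokenBroker`, `make_fake_post`, the `post` callable and the sample URLs are hypothetical names, and the token endpoint is replaced by a constructed stand-in so the code runs offline.

```python
import time
from urllib.parse import urlencode, urlsplit


def _require_https(url):
    if urlsplit(url).scheme != "https":
        raise ValueError("bearer tokens and client secrets must only travel over HTTPS")


class TokenBroker:
    """Runs the token request outside Appian and keeps the token in memory only."""

    def __init__(self, token_url, client_id, client_secret, post, skew=30, clock=time.time):
        _require_https(token_url)
        self._url, self._id, self._secret = token_url, client_id, client_secret
        self._post, self._skew, self._clock = post, skew, clock
        self._token, self._expires_at = None, 0.0

    def __repr__(self):
        # Keep the secret and the token out of logs and tracebacks.
        return f"TokenBroker(url={self._url!r}, client_id={self._id!r}, token=<redacted>)"

    def access_token(self):
        now = self._clock()
        # Refresh slightly before expiry so a consumer never receives a dying token.
        if self._token is None or now >= self._expires_at - self._skew:
            body = urlencode({"grant_type": "client_credentials",  # assumed grant type
                              "client_id": self._id, "client_secret": self._secret})
            reply = self._post(self._url, body)  # dict parsed from the JSON token response
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = now + int(reply.get("expires_in", 0))
        return self._token

    def auth_header(self, target_url):
        _require_https(target_url)  # step 3: refuse to hand the token to a cleartext endpoint
        return {"Authorization": f"Bearer {self.access_token()}"}


def make_fake_post():
    """Constructed stand-in for the provider's token endpoint so the example runs offline."""
    bodies = []

    def post(url, body):
        bodies.append(body)
        return {"access_token": f"constructed-token-{len(bodies)}",
                "token_type": "Bearer", "expires_in": 300}
    return post, bodies
```

In real use, `post` would wrap an HTTP client call to the OAuth provider's token endpoint and return the parsed JSON response.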

  • 0
    Certified Lead Developer
    in reply to shreekrishnat0001

    I suggest discussing that with the CISO of your client.

    We understand your "requirement", but Appian does not support that for a good reason.