Versions Compared

Version Old Version 2 New Version 3
Changes made by

Kalpana Malladi

Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this Article

...

Info

  • To create an OAuth2/OIDC Client with the Client Credentials grant type, log into Coupa as an integrations-enabled administrator. After you configure, the values of Client ID and Client Secret are used to gain access to the Coupa API.

  • When you create a new Open Connect client, access is granted to a specific application or user client for specific areas of the product, defined by scopes.

  • Here is the The URL format for Coupa instances:

    • Customer instances: https://{organization_name}.coupahost.com 

    • Partner and demo instances: https://{organization_name}.coupacloud.com

  1.  Log into the Coupa portal.

  2. Navigate to Setup > Oauth2/OpenID Connect Clients.
    Note: You can type ‘oauth’ in the Search box to find it fast.Log into the <endpoint> portal.

  3. Click Create.

  4. In the Grant type list, select Client credentials.

  5. Specify the details as shown below: Name for the Client, Login, Contact info, and Contact Email.
    Note: You must provide a unique Login,else Coupa displays an error, Login has already been taken.

  6. Select the

    Cfm tooltip
    textScopes are like a set of permissions set on the API key
    Scopes you would like to include in this API setup.  
    Note: To implement API permissions with OIDC, we've created several new scopes that provide access to specific functionality for the API.

  7. Click Save to save the client.  
    The client Identifier and Secret are generated to gain access to the API Scopes that you have configured.  
    Toggle Show/Hide to display and copy the Secret.
    Once you create the client in Coupa, use the application or client to request an access token based on the grant type you configured.

...

The curl request above is a JSON response containing the verification_uri and user code among other values. Go to the verification_uri on a browser and enter the user code to complete the flow.

Scopes

Coupa scopes take the form of service.object.right. For example, core.accounting.read or core.accounting.write. You can find the list of scopes and their underlying Coupa permissions by navigating to the Scope management page at /oauth2/scopes. When you drill down into a scope, you can see the specific API permissions associated with that scope. 

Scope without offline_access :

  • Client Credentials grand type - Gives access token and expiry.

    • New token is possible.

  • Authorization Code grand type - Gives access token and expiry.

    • Manually authorise to request for an new access token.

...

  • Authorization code grand type - Gives access token, expiry and refresh token.

Grant Types

Scope without offline_access

Scope with offline_access

Client Credentials grant type

Provides only access token and expiry

Provides only access token and expiry

Authorization Code shared secret

Provides only access token and expiry

Provides access token, expiry and refresh token.

Authorization code PKCE

Provides only access token and expiry

Provides access token, expiry and refresh token.

 

Locate/Define Information Required to Create your <Snap Pack Name> OAuth2 Account

...

  1. Navigate to the <Snap Pack Name> Snap of your choice and configure the <Snap Pack Name> OAuth2 Account with the following details:

    • Client ID: A Public Identifier for your app. Provide the Client ID that is auto-generated after creating the app in the <endpoint>

    • Client Secret: Secret value known only to the app and the auth server. Provide the Client Secret that is auto-generated after creating the app in the <endpoint>.

    • OAuth2 Endpoint:

    • OAuth2 Token
      <Insert Account image>

  2. Click Authorize.
    You will be redirected to the login page of ServiceNow.

  3. Log into ServiceNow and accept the permissions.
    The Access token and the Refresh Token will be generated.

  4. Select the Auto-refresh token checkbox and save the account.

...