...
Log into the Coupa portal. The URL format for Coupa instances:
Customer instances: https://{organization_name}.coupahost.com
Partner and demo instances: https://{organization_name}.coupacloud.com
Navigate to Setup > Integrations > Oauth2/OpenID Connect Clients.
Note: You can also search for ‘oauth’ in the Find it fast search box.
Click Create on the Oauth2/OpenID Connect Clients page.
From the Grant type list, select Client credentials.
Specify the details for the client, such as Name, Login, Contact First Name, Contact Last Name, and Contact Email as shown in the image below:
Note: You must provide a unique login ID for the Client Credentials Grant type; otherwise, Coupa displays the error “Login has already been taken”.
Select the Scopes you want to include in this API setup.
Note: To create a client app, you must select at least one scope, including the scopes that provide access to the specific APIs required for your functionality.
Click Save to save the client.
The client Identifier and Secret are generated. You can toggle the Show/Hide link to display and copy the client secret.
You can use the values of Client ID and Client Secret to gain access to the Coupa APIs. When you create a new OpenID Connect client, access is granted to a specific application or user client for specific areas of the product, defined by scopes.
...
Steps 1 through 3 are the same as in Configuring an OAuth App with Client Credentials Grant type.
From the Grant type list, select Authorization code.
Specify the details for the client as shown in the image below.
Select Shared secret.
Mandatory. Select the offline_access scope under Scopes.
Click Save. The client Identifier and Secret are generated. You can toggle the Show/Hide link to display and copy the client secret.
Generating PKCE (Proof Key for Code Exchange) with Authorization code
...
code_verifier: The code verifier should be a high-entropy cryptographic random string with a minimum of 43 characters and a maximum of 128 characters. It should use only the characters A-Z, a-z, 0–9, “-” (hyphen), “.” (period), “_” (underscore), and “~” (tilde).
code_challenge: The code challenge is created by SHA256 hashing the code_verifier and base64 URL encoding the resulting hash: Base64UrlEncode(SHA256Hash(code_verifier)). Each pair is used only once.
code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
code_challenge_method: States the method (the available value is “S256”) used to transform the code verifier into the code challenge. If you do not send it, the Authorization Server assumes that the code challenge and the code verifier are the same.
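The three parameters above can be generated and checked as follows. This is an added example, not code from the original page or from Coupa; the function names are assumptions chosen for illustration, and the base64 URL output is unpadded as RFC 7636 requires.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Allowed code_verifier alphabet and length, as listed above:
# A-Z, a-z, 0-9, "-", ".", "_", "~"; 43 to 128 characters.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def validate_verifier(verifier: str) -> None:
    """Reject verifiers that are too short, too long, or use other characters."""
    if not _VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier must be 43-128 chars of A-Z a-z 0-9 - . _ ~")


def new_code_verifier(n_bytes: int = 32) -> str:
    """Generate a verifier from a CSPRNG. 32 bytes -> 43 chars, 96 bytes -> 128 chars."""
    if not 32 <= n_bytes <= 96:
        raise ValueError("n_bytes must be between 32 and 96")
    verifier = secrets.token_urlsafe(n_bytes)  # unpadded base64url of random bytes
    validate_verifier(verifier)
    return verifier


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))), no '=' padding."""
    validate_verifier(verifier)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_pair() -> dict:
    """Fresh single-use pair: keep code_verifier private, send the other two fields."""
    verifier = new_code_verifier()
    return {
        "code_verifier": verifier,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }


def challenge_matches(verifier: str, challenge: str) -> bool:
    """The comparison an authorization server performs at token exchange."""
    return hmac.compare_digest(code_challenge_s256(verifier), challenge)


if __name__ == "__main__":
    pair = new_pkce_pair()
    print(pair["code_challenge_method"], pair["code_challenge"])
```

Generate a new pair for every authorization request, and keep the code_verifier on the client until the token exchange.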
Requesting an OpenID Connect
...
Access Token to use in Coupa Dynamic OAuth2 account
Once you have created a client, the next step is to request an access token.
...