Versions Compared

Version Old Version 3 New Version 4
Changes made by

Kalpana Malladi

Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this Article

...

Snaps in the Coupa Snap Pack use the Coupa OAuth2 account to access the Coupa application. For the OAuth2 account to function without any issue, ensure to create and configure a connected App corresponding to the account as explained in the steps below. These steps also contain the information required to create/ define a new OAuth2 account for using this Snap Pack.

...

Creating an OAuth app in Coupa Portal

Coupa supports three Grant types: Authorization code, Client credentials, and Device code, but we provide support only for Authorization code and Client credentials grant types.

Prerequisite:

Admin access to Coupa

Info

  • To create an OAuth2/OIDC Client with the Client Credentials grant type, log into Coupa as an integrations-enabled administrator. After you configure, the values of Client ID and Client Secret are used to gain access to the Coupa API.

  • When you create a new Open Connect client, access is granted to a specific application or user client for specific areas of the product, defined by scopes.

  • The URL format for Coupa instances:

    • Customer instances: https://{organization_name}.coupahost.com 

    • Partner and demo instances: https://{organization_name}.coupacloud.com

...

 

Configuring an OAuth App with Client Credentials Grant type

Using Client Credentials Grant type you can create a client and generate Client ID and Client Secret to request for an access token.

  1. Log into the Coupa portal.

  2. Navigate to Setup > Integrations > Oauth2/OpenID Connect Clients.
    Note: You can type also search for ‘oauth’ in the Search box to find Find it fast.Log into the <endpoint> portal. search box.

    Image Added
  3. Image Added

    Click Create in Oauth2/OpenID Connect Clients page.

    Image Added

  4. In From the Grant type list, select Client credentials.

    Image Added

  5. Specify the details for the client as shown below: Name for the Client, Login, Contact info, and Contact Email.in the image below:

    Image Added

    Note: You must provide a unique Loginlogin id for Client Credentials Grant type,else Coupa displays an error, Login has already been taken.

  6. Select the Cfm tooltiptextScopes are like a set of permissions set on the API key Scopes you would like want to include in this API setup.  .  To create a client app, we must select at least one scope and the scopes which provide access to specific APIs required for your functionality. Click the Scope to view the APIs that each Scope supports.
    Note: To implement API permissions with OIDC, we've created several new scopes that provide access to specific functionality for the API.

  7. Click Save to save the client.  
    The client Identifier and Secret are generated to gain access to the API Scopes that you have configured.  
    Toggle  Toggle Show/Hide to display and copy the Secret.
    Once you create the client in Coupa, use the application or client to request an access token based on the grant type you configured.client secret.

    Image Added

Configuring an OAuth App with Authorization Code Grant type

Using the Authorization Code Grant type you can request the authorization endpoint for a code and use that code to request for an access token.

  1. Steps 1 through 3 are common as mentioned in Configuring an OAuth App with Client Credentials Grant type.

  2. From the Grant type list, select Authorization code.

  3. Specify the details for the client as shown in the image below.

    Image Added

  4. Select offline_access scope under Scopes.

  5. Click Save. The client Identifier and Secret are generated.

    Image Added

Get an OpenID Connect access token

...

  1. Navigate to the <Snap Pack Name> Snap of your choice and configure the <Snap Pack Name> OAuth2 Account with the following details:

    • Client ID: A Public Identifier for your app. Provide the Client ID that is auto-generated after creating the app in the <endpoint>

    • Client Secret: Secret value known only to the app and the auth server. Provide the Client Secret that is auto-generated after creating the app in the <endpoint>.

    • OAuth2 Endpoint:

    • OAuth2 Token
      <Insert Account image>

  2. Click Authorize.
    You will be redirected to the login page of ServiceNow.

  3. Log into ServiceNow and accept the permissions.
    The Access token and the Refresh Token will be generated.

  4. Select the Auto-refresh token checkbox and save the account.

...