Versions Compared

Version Old Version 5 New Version 6
Changes made by

Kalpana Malladi

Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this Article

...

Info

  • To create an OAuth2/OIDC Client with the Client Credentials grant type, log into Coupa as an integrations-enabled administrator. After you configure, the values of Client ID and Client Secret are used to gain access to the Coupa API.

  • When you create a new Open Connect client, access is granted to a specific application or user client for specific areas of the product, defined by scopes.

  • The URL format for Coupa instances:

    • Customer instances: https://{organization_name}.coupahost.com 

    • Partner and demo instances: https://{organization_name}.coupacloud.com

...

  1. Log into the Coupa portal.

  2. Navigate to Setup > Integrations > Oauth2/OpenID Connect Clients.
    Note: You can also search for ‘oauth’ in the Find it fast search box.

    Image RemovedImage Added

  3. Click Create in Oauth2/OpenID Connect Clients page.

    Image RemovedImage Added

  4. From the Grant type list, select Client credentials.

    Image RemovedImage Added

  5. Specify the details for the client as shown in the image below:

    Image RemovedImage Added

    Note: You must provide a unique login id for Client Credentials Grant type,else Coupa displays an error, Login has already been taken.

  6. Select the Scopes you want to include in this API setup.  To create a client app, we must select at least one scope and the scopes which provide access to specific APIs required for your functionality. Click the Scope to view the APIs that each Scope supports.
    Note: To implement API permissions with OIDC, we've created several new scopes that provide access to specific functionality for the API.

  7. Click Save to save the client.  
    The client Identifier and Secret are generated to gain access to the API Scopes that you have configured. Toggle Show/Hide to display and copy the client secret.

    Image RemovedImage Added

You can use the values of Client ID and Client Secret to gain access to the Coupa APIs.

Configuring an OAuth App with Authorization Code Grant type

...

  1. Steps 1 through 3 are common as mentioned in Configuring an OAuth App with Client Credentials Grant type.

  2. From the Grant type list, select Authorization code.

  3. Specify the details for the client as shown in the image below.

    Image RemovedImage Added

  4. Mandatory. Select offline_access scope under Scopes.

  5. Click Save. The client Identifier and Secret are generated.

    Image RemovedImage Added

Requesting an OpenID Connect access token

...

If code _verifier and code code _challenge mismatch, it displays the following error and each pair is used only once.

You can generate a code verifier using Online PKCE Generator tools available online.

Scopes

Coupa scopes take the form of service.object.right. For example, core.accounting.read or core.accounting.write. You can find the list of scopes and their underlying Coupa permissions by navigating to the Scope management page in Coupa. When you drill down into a scope, you can see the specific API permissions associated with that scope. 

...

  1. Navigate to the <Snap Pack Name> Snap of your choice and configure the <Snap Pack Name> OAuth2 Account with the following details:

    • Client ID: A Public Identifier for your app. Provide the Client ID that is auto-generated after creating the app in the <endpoint>

    • Client Secret: Secret value known only to the app and the auth server. Provide the Client Secret that is auto-generated after creating the app in the <endpoint>.

      Image RemovedImage Added

  2. Click Authorize.
    You will be redirected to the login page of ServiceNow.

  3. Log into Coupa and accept the permissions.
    The Access token and the Refresh Token will be generated.