This guide will show you how to setup OAuth Authentication using the OAuth Authenticator provided in Kinetic Task. This guide will specifically show you how to setup OAuth between Kinetic Task and Kinetic Request CE, but the steps should be the same for any other OAuth provider you are using.
Retrieve Client Id and Client Secret from the OAuth Provider
More information on where to do that in Kinetic Request CE can be found here.
Enable the OAuth Authenticator
When logged into the Kinetic Task Admin Console, navigate to Admin -> Setup -> Authentication and then select OAuth Authenticator from the Authenticator dropdown.
Configure the Authenticator Options
|Provider Name||Recognizable name that will go on the OAuth login button (ie. A name of Kinetic Request will have the button text 'Login with Kinetic Request').|
|Auto Redirect Login||If 'Yes', Task automatically redirects to the authorize endpoint. If 'No', Task's login page will show with a link to login with the configured OAuth provider.|
|Authorize Endpoint||Endpoint to authorize an OAuth application for the OAuth provider (ie. http://acme.com/kinetic/acme/app/oauth/authorize).|
|Token Endpoint||Endpoint to retrieve a token for the OAuth provider (ie. http://acme.com/kinetic/acme/app/oauth/token).|
|Check Token Endpoint||Endpoint to validate a retrieved token for the OAuth provider. The token that is being validated will be added to the end of the endpoint(ie. http://acme.com/kinetic/acme/app/oau...k_token?token=). If left blank, token won't be validated.|
|Logout Redirect Endpoint||Location that Kinetic Task will redirect a user to after logging out of the application. If not set, Task will redirect to the Kinetic Task login page by default.|
|Client Id||Client Id for the configured OAuth Client.|
|Client Secret||Client Secret for the configured OAuth Client.|
|Redirect URI||Redirect URI for the configured OAuth Client (ie. http://acme.com/kinetic-task/oauth).|
|Scope||Scope for the configured OAuth Client (can be left blank and should be if configuring with Kinetic Request CE).|
For Kinetic Request CE, the Authorize, Token, and Check Token endpoints all should point at a CE space url (ie. http://localhost:8080/kinetic/acme or https://acme.kinops.io) and then add the rest of the url on the end as shown in the examples (/app/oauth/authorize, /app/oauth/token, /app/oauth/check_token?token= respectively).
The Redirect URI is going to be the location of your Kinetic Task instance (ie. http://localhost:8080/kinetic-task) followed by /oauth.
The Scope is determined when you set up your OAuth provider and if you are configuring to use with Kinetic Request CE, Scope can be left blank.
Configure the Identity Store
If using with Kinetic Request CE, the Kinetic Core Identity Store should be configured so that user information can be shared to Kinetic Task from Kinetic Request CE. More information about the Kinetic Core Identity Store can be found here.
If using with another OAuth Provider, use the Local Identity Store which needs to further configuration.