Skip to main content

logoCorrectSize.png

Workday Adaptive Planning Knowledge Center

Authenticate with OAuth

Explains how to set up an OAuth for authenticating your CCDS

You can authenticate your CCDS data source with an OAuth service provider by configuring an OAuth Credential. Data Designers attempting to use the CCDS must log in and authorize an access request.

If you created a Workday Credential, you can use this to authenticate your CCDS.

Prerequisites

  • New to CCDS?  See Concept: CCDS and Set up a Custom Cloud Data Source(CCDS).
  • Required Permissions to Set up and Authenticate a CCDS with OAuth: Integration Developer within Administration > Permission Set
  • Required Permissions to Request Authorization for a CCDS:  Data Designer within Administration > Permission Set
  • Create a CCDS or select an existing CCDS.

Navigation

Compass.png From the nav menu, go to Integration Design Integrations.

Set up and Configure an OAuth

Create and manage OAuth configurations using Credentials pane in the Component Library

  1. Select Create New Credential in the Credentials pane.
  2. Select OAuth1.0a or OAuth 2.0, enter a name for the credential, and click Create. OAuth 1.0a and OAuth 2.0 credentials use different icons for identification purposes..
  3. Fill in the Settings:

OAuth 1.0a Settings has these fields:

  • Consumer Key: Client ID or client identifier, issued to the client during registration process. The Consumer Key and Consumer Secret form the credentials pair for identifying and authenticating the client making a request.
  • Consumer Secret: The secret key of the client.
  • Supported Signature Method:  The pre-defined signature method is "HMAC-SHA1" and cannot be changed. 
  • Request Token Service Http Method: Select either GET or POST from the dropdown.
  • Request Token Service Endpoint:  Used by the client to request a set of token credentials.
  • Authorize Redirect URL:  URL to obtain the temporary credentials for delegation request identification.
  • Access Token Service HTTP Method: Select either GET or POST according to the external access token service requirements.
  • Access Token Service Endpoint: URL to fetch the token for accessing protected resources. 
  • Add OAuth Params to Request URLs: URL to identify a resource within the scope of the URI's scheme and naming authority.

OAuth 2.0, Settings has these additional fields:

  • Consumer Key: Client Id or client identifier, issued to the client during registration process. The Consumer Key and Consumer Secret form the credentials pair for identifying and authenticating the client making a request.
  • Consumer Secret: The secret key of the client.
  • Redirect URI: Redirect the user after authorization. The Integration developer uses this URI during the OAuth 2.0 application setup on the third party server.This field cannot be changed.
  • Scope: The scope of services or objects for authorization access requests.
  • Authorization Header Required: Select this checkbox if the third party service provider requires the authorization header in the request when requesting or refreshing the access token after authorization.
  • Access Token Renewable: Select this checkbox if the initial authorization process fetches the original access and refresh tokens for renewal, and if the access token on the third party server renews automatically.
  • Authorize Redirect URL: The URL to obtain the temporary credentials for delegation request identification.
  • Access Token Service Http Method: Select either GET or POST according to the external access token service requirements.
  • Access Token Service Endpoint: URL to fetch the token for accessing protected resources.
  • Token Expiry Default (sec):  Default expiration in seconds for access tokens without an expiry time.
  1. Click Save in the Actions pane. 

See OAuth 1.0 Protocol and The OAuth 2.0 Authorization Framework for more information.

Authenticate your CCDS with OAuth

These steps are for Integration Developers.

  1. Select your CCDS in the Data Sources pane.
  2. Select Requires Credentials in the Data Settings tab.  
  3. Choose your OAuth credential from the Credentials dropdown.
  4. Update your script in the Scripts tab to include your OAuth credential.  For example, response=ai.authorizeRequest(url,method,body,headers). 
  5. Click Save in the Actions pane.

Request Authorization

These steps are for Data Designers.

  1. Select your CCDS in the Data Sources pane.
  2. Select Request Authorization in the Actions pane to generate the CCDS Authorization Request. 

A new browser window opens for authorizing the third party website. After the authorization is complete, the OAuth 1.0a application connects to your account to access data. For OAuth 2.0,  if the third party website allows, it may indicate the full scope of services you provided in the OAuth 2.0 Settings - Scope field.

  1. Refresh the Adaptive Planning CCDS Data Sources page. Notice that all the menu items in the Actions pane become enabled.

The Data Source Settings tab displays the Authorization Status with the third party authorization ID, and the date of the authorization. Authorization expiration dates vary from one provider to another. Notice when your authorization will expire.

Click the Reset Authorization in the Actions pane to re-authorize when needed. You can use Reset Authorization  to provide different authorization credentials to a third party website.

  • Was this article helpful?