.. include:: /includes.rst.txt

.. comments - headings

    # with overline, for parts
    * with overline, for chapters
    = for sections
    - for subsections
    ^ for subsubsections
    " for paragraphs
    * for H5
    + for H6

.. _edg_as_oauth_client:

EDG as an OAuth API client
--------------------------

Some EDG features require access to external APIs that are protected with OAuth. The external API may be another EDG instance that is configured with :ref:`OAuth Authentication `. This page describes how to configure EDG so that it can act as an OAuth client in these scenarios.

Configuring EDG as an OAuth API client
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. note::
   When configuring this method of authentication, it is helpful to have a technical resource familiar with the OAuth 2.0 Authorization Server to assist with the configuration. TopQuadrant is unable to assist with specific configuration options for each customer's Authorization Server.

* Using EDG as an OAuth 2.0 client is configured through EDG Server Administration. Browse to your EDG webapp UI, and navigate to the :ref:`OAuthParametersSection` of the :ref:`SystemConfigurationParametersAdminPage`.
* The **Token Request URL**, **Client ID**, **Client Secret**, and **Scope** depend on the Authorization Server. See the Authorization Server examples below.
* The **Relying party identifier** is a URL that identifies the resource being accessed. When EDG makes external API requests to a URL, and the URL starts with this Relying party identifier, then EDG will attempt authentication with this OAuth configuration.
  For example, if the resource being accessed is another EDG instance: ``https://your.edg.server/edg/tbl/``

Authorization Server Examples
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Okta
""""

Under OAuth Parameters, fill in the following:

* **Token Request URL** ``https://your.okta.com/oauth2/default/v1/token``
* **Client ID** ``xxxxxxxxxxxxxxxxxxxx`` (obtained by your Okta administrator for this Application)
* **Client Secret** obtained by your Okta administrator for this Application
* **Scope** obtained by your Okta administrator for this Application (if required)

Microsoft Entra ID
""""""""""""""""""

Under OAuth Parameters, fill in the following:

* **Token Request URL** ``https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/v2.0/token``
* **Client ID** ``xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`` (obtained by your Entra administrator for this Application)
* **Client Secret** obtained by your Entra administrator for this Application
* **Scope** ``api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/.default`` (obtained by your Entra administrator for this Application)

Amazon Cognito
""""""""""""""

Under OAuth Parameters, fill in the following:

* **Token Request URL** ``https://your.amazoncognito.com/oauth2/token``
* **Client ID** ``xxxxxxxxxxxxxxxxxxxxxxxxxx`` (obtained by your Cognito administrator for this Application)
* **Client Secret** obtained by your Cognito administrator for this Application
* **Scope** ``https://your.resource.server/your.scope`` (obtained by your Cognito administrator for this Application)

See also
^^^^^^^^

* :ref:`oauth_authentication`
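
Because the **Relying party identifier** described above is matched as a URL prefix, its exact form decides which requests receive a token. The following is an added example, not TopQuadrant's code: it assumes the match is a literal string prefix and uses hypothetical helper names (``would_authenticate``, ``lint_relying_party_id``) to check an identifier before it is saved.

```python
from urllib.parse import urlsplit


def would_authenticate(relying_party_id: str, request_url: str) -> bool:
    """Model of the documented rule (assumed literal): URL starts with the identifier."""
    return request_url.startswith(relying_party_id)


def lint_relying_party_id(relying_party_id: str) -> list[str]:
    """Return findings for an identifier that would match more than intended."""
    findings = []
    parts = urlsplit(relying_party_id)
    if parts.scheme != "https":
        findings.append("scheme is not https: the access token would not be protected in transit")
    if not parts.hostname:
        findings.append("no host: the identifier is not an absolute URL")
    if parts.username or parts.password:
        findings.append("userinfo present: remove credentials from the identifier")
    if parts.query or parts.fragment:
        findings.append("query or fragment present: a prefix should end in the path")
    if not parts.path.endswith("/"):
        # Without a closing "/" the prefix can be extended into a longer
        # host name (no path at all) or into a sibling path segment.
        findings.append("does not end with '/': prefix also matches longer hosts or paths")
    return findings


# Constructed sample values, built from the placeholder host used on this page.
GOOD = "https://your.edg.server/edg/tbl/"
LOOSE = "https://your.edg.server"
OTHER_HOST_URL = "https://your.edg.server.example.net/edg/tbl/x"

if __name__ == "__main__":
    for rpi in (GOOD, LOOSE):
        print(rpi, "->", lint_relying_party_id(rpi) or "ok")
    # The loose prefix also matches a different host that begins the same way.
    print("loose matches other host:", would_authenticate(LOOSE, OTHER_HOST_URL))
    print("good matches other host: ", would_authenticate(GOOD, OTHER_HOST_URL))
```
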