Contact Us 1-800-596-4880

Credentials for OAuth

The Credentials for OAuth action step enables you to set up your OAuth credentials one time and then reference them in Action Steps that support OAuth Authentication. You can create a set of tokens that don’t rely on a user password to authenticate with the email server and then use the token to repeatedly log in to the services without asking for the user’s password again.

Properties

  • OAuth Authentication Settings

    • OAuth Host

      The host address used to get the credentials. The default address for Outlook services is https://login.microsoftonline.com/common/oauth2/v2.0/. This address might change if you use a self-hosted service.

    • Client ID

      To authenticate with the OAuth Host, an Azure application must be defined in your space. This Azure application has an ID, that is unique in the entire OAuth Host space and it allows users to explicitly grant or revoke access for this Azure application to their accounts. For more information on how to create this Azure application for Outlook, visit Quickstart: Register an application with the Microsoft identity platform.

    • Client Secret

      Allows RPA Builder to prove to the OAuth Host that it received permission to access user accounts on behalf of the registered Azure application. Without this permission, authentication is not possible.

    • Redirect Uri

      The URI to which the OAuth Host redirects after the user has completed the authentication attempt. This redirect URI must be registered with the Azure application. If the entered redirect URI matches one of the registered URIs, the OAuth Host allows the authentication.

    • Scopes

      Defines which permissions the user grants to the Azure application. By default, RPA Builder requests the following permissions:

      • offline_access

        (Required) Enables access via a refresh token, which you can use to repeatedly log in to the email services without requiring user interaction each time.

      • https://outlook.office.com/IMAP.AccessAsUser.All

        (Required when using IMAP) Enables reading and moving emails from the Outlook IMAP server.

      • https://outlook.office.com/POP.AccessAsUser.All

        (Required when using POP3) Enables reading emails from the Outlook POP3 server.

      • https://outlook.office.com/SMTP.Send

        (Required when using SMTP) Enables sending emails from the Outlook SMTP server.

      • openid email

        Enables RPA Builder to automatically detect the email account used to log in to the Azure application. If this scope is omitted, you must provide an email in the wizard.

    • Save data to generate Tokens via the Tools menu

      Saves the current data for further use when Generating an OAuth Refresh Token.

    • Email address

      The email address populates automatically if RPA Builder detects it from the authentication attempt. If the openid email scope is omitted, you must provide an email address manually.

Inbound Variables

  • OAuth Host Address

    The host address used to get the credentials.

  • OAuth Client ID

    The Azure application client ID.

  • Client Secret

    The Azure application client secret.

  • Redirect Uri

    The URI to which the OAuth Host redirects after the user completes the authentication attempt.

  • Scopes

    The set of permissions the user grants to the Azure application.

  • E-mail Address

    The email address.

  • Refresh Token

    The OAuth refresh token.

Outbound Variables

  • Credentials of OAuth

Wizard

The Credentials for OAuth Wizard

Follow these steps to authenticate with your credentials:

  1. Complete the OAuth Authentication configuration by specifying the required properties.

    Refer to Properties for a description of each property.

  2. Click Authenticate.

    This step starts the authentication process with the OAuth Host, which opens the login page in your default browser.

  3. In the OAuth Host’s login page, complete the login process.

  4. Close the browser.

After completing the last step, the wizard shows that you are authenticated: The Logged in confirmation message in the authentication settings window

Generating an OAuth Refresh Token

To generate and configure a refresh token:

  1. In the Tools menu, select Generate OAuth Refresh Token.

    The Generate OAuth Refresh Token options in the Tools menu

  2. Complete the OAuth Token Creator form that appears.

    The OAuth Token Creator Form

    If you already configured the Credentials for OAuth Action Step details and clicked the Save data to generate Tokens via the Tools menu button, the data automatically populates with the last data you entered in the wizard.

  3. Click Authenticate.

  4. Click Copy Token to Clipboard.

  5. Paste the token in an alphanumeric Server Based Variable.

  6. Pin the variable to the field Refresh Token in the Credentials for OAuth wizard.

    You can also pin the other values from the OAuth Token Creator.

    By using a Server Based Variable you don’t need to upload a new version of your Workflow to RPA Manager if your token expires or your user gets logged out of Microsoft. In this case, regenerate the refresh token for the same user with the OAuth Token Creator and update the assigned Server Based Variable on RPA Manager.