|
|
|
|
The OAuth Client page registers clients to access your specific VSA. Registering an OAuth client ensures a customized app is authorized to provide users with extended access to VSA functionality and user data, without having any knowledge of the user's VSA credentials.
A registered OAuth client delegates a user's initial logon to the VSA. The VSA then returns client-specific tokens back to the app server. The app server uses these tokens to authenticate the client app. Because of OAuth delegation, neither the app server nor the client app ever has access to the VSA user's actual credentials.
After the initial logon. the client app shows the VSA user a customized view of VSA functionality and user data, based on the developer's use of VSA APIs. Typically the client app does not need to re-authenticate unless the client-specific token elapses without being refreshed by repeated use. The default is 60 days.
Note: For guidance on how to build an OAuth client that communicates with the VSA see Using OAuth 2.0 to Access VSA APIs.
Registration
Registering an app generates an email message that includes codes for two items:
client_IDclient_secretAn app developer uses these codes to uniquely identify their app as a trusted client with your VSA using OAuth authentication.
Actions
client_ID and client_secret.Columns
confidential. The only type of OAuth client supported at this time.client_ID and client_secret.