Server-Side Scripts

Overview

In some cases, you'll want to perform a specific task that can be automated but needs access to the WorkflowGen GraphQL API; this use case is often in the form of a server-side script. For this, OAuth2 provides a type of grant called Client Credentials that simply exchanges a client ID and secret for an access token. There's no ID token since it's not part of the OpenID Connect standard and there's no user involved.

This section provides instructions on how to configure Okta with a server-side script that has access to the GraphQL API. First, you'll need to configure a new web application in the Okta portal; then, you'll need to configure a new application in WorkflowGen.

Prerequisites

Make sure to have a licensed copy of WorkflowGen installed and running on a server.
Make sure to have administrative access to WorkflowGen.
Make sure to have administrative access to Okta to be able to configure it properly.
Make sure to have successfully configured delegated authentication to Okta on your WorkflowGen instance following the instructions in the Okta authentication section.

Okta configuration

Create a new API services application

In the Applications item under the Applications menu in your Okta developer portal, click the Create App Integration button.
Select the API Services sign-in method, then click Next.
Enter the name of your application, then click Save.

Review the registration

Here's a review of the information you need:

A client ID and a client secret, which can be found on the newly registered service application's general tab.
The WorkflowGen GraphQL API identifier, which can be found on its settings page.

WorkflowGen configuration

As with user provisioning, WorkflowGen needs to know which application is accessing the GraphQL API. Therefore, you have to register the application, which consists of your script.

Register a new application

On the Applications page in the WorkflowGen Administration Module, click New application.
Fill in the form:
- Name: My API Services App
- Description: A description that clearly identifies the script
- Type: Non-interactive Client
- Impersonate username: Any username that has the required access to the GraphQL API
- Client ID: The client ID you retrieved earlier from your registered service app (e.g. My API Services App)
- Active: Check this checkbox
Click Save.

Your application should now appear in the list of applications.

You should now have the necessary components in place to make GraphQL API requests with your script by passing the access token received from Okta from a Client Credentials Grant flow.

PreviousWorkflowGen Plus v2 NextSingle-Page Applications

Overview

Prerequisites

Make sure to have a licensed copy of WorkflowGen installed and running on a server.

Make sure to have administrative access to WorkflowGen.

Make sure to have administrative access to Okta to be able to configure it properly.

Make sure to have successfully configured delegated authentication to Okta on your WorkflowGen instance following the instructions in the Okta authentication section.

Okta configuration

Create a new API services application

In the Applications item under the Applications menu in your Okta developer portal, click the Create App Integration button.

Select the API Services sign-in method, then click Next.

Enter the name of your application, then click Save.

Review the registration

Here's a review of the information you need:

A client ID and a client secret, which can be found on the newly registered service application's general tab.

The WorkflowGen GraphQL API identifier, which can be found on its settings page.

WorkflowGen configuration

As with user provisioning, WorkflowGen needs to know which application is accessing the GraphQL API. Therefore, you have to register the application, which consists of your script.

On the Applications page in the WorkflowGen Administration Module, click New application.

Fill in the form:

Name: My API Services App
Description: A description that clearly identifies the script
Type: Non-interactive Client
Impersonate username: Any username that has the required access to the GraphQL API
Client ID: The client ID you retrieved earlier from your registered service app (e.g. My API Services App)
Active: Check this checkbox

Click Save.

Your application should now appear in the list of applications.

You should now have the necessary components in place to make GraphQL API requests with your script by passing the access token received from Okta from a Client Credentials Grant flow.