Server-Side Scripts

Overview

In some cases, you'll want to perform a specific task that can be automated but needs access to the WorkflowGen GraphQL API; this use case is often in the form as a server-side script. For this, OAuth2 provides a type of grant called Client Credentials that simply exchanges a client ID and secret for an access token. There is no ID token since it's not part of the OpenID Connect standard and there's no user involved.

This section provides instructions on how to configure Auth0 with a server-side script that has access to the GraphQL API. First, you'll need to configure a new web application in the Auth0 portal; then, you'll need to configure a new application in WorkflowGen.

Prerequisites

  • Make sure to have a licensed copy of WorkflowGen installed and running on a server.

  • Make sure to have administrative access to WorkflowGen.

  • Make sure to have administrative access to Auth0 to be able to configure it properly.

  • Make sure to have successfully configured delegated authentication to Auth0 on your WorkflowGen instance following the instructions in the Auth0 authentication section.

Auth0 configuration

Step 1: Register a new machine-to-machine application

  1. In the Auth0 portal Applications section, click Create Applications.

  2. Fill in the form:

    • Name: Your script name

    • Application Type: machine-to-machine

  3. Click Create.

You've now successfully registered your script in Auth0.

Step 2: Grant access to the GraphQL API

  1. In the Auth0 portal APIs section, click WorkflowGen GraphQL API.

  2. On the Machine-to-Machine tab, authorize the application that you just created.

You've now successfully granted the GraphQL API access to your script.

Review the registration

Here's a review of the information you need:

  • A client ID, which can be found on the registered application's General tab.

  • A client secret, which can be found on the registered application's General tab.

  • The WorkflowGen GraphQL API identifier, which can be found on its settings page.

You're now ready to register your script in WorkflowGen.

WorkflowGen configuration

As with user provisioning, WorkflowGen needs to know which application is accessing the GraphQL API. Therefore, you have to register the application, which consists of your script.

Register a new application

  1. On the Applications page in the WorkflowGen Administration Module, click New application.

  2. Fill in the form:

    • Name: My Server Application

    • Description: A description that clearly identifies the script

    • Type: Non-interactive Client

    • Impersonate username: Any username that has the required access to the GraphQL API

    • Client ID: The client ID you retrieved earlier

    • Active: Check this checkbox

  3. Click Save.

Your application should now appear in the list of applications.

You should now have the necessary components in place to make GraphQL API requests with your script by passing the access token received from Auth0 from a Client Credentials Grant flow.