From the Staffbase Studio, you can create OAuth client access tokens that provide seamless and secure connectivity between Staffbase and third-party applications or platforms.
OAuth client access enables external applications to interact with the Staffbase platform in a streamlined and secure way. By creating an OAuth client in the Staffbase Studio, you establish standards-based authentication flows that generate scoped access tokens on behalf of users. This setup ensures secure data exchange while allowing your integration to access only the specific Staffbase data or APIs it needs.
Prerequisites
- You have a clear understanding of which API scopes your integration requires.
- You have OAuth clients activated for your platform. Contact Staffbase Support or your Customer Success Manager for more information.
- You have an understanding of which OAuth type you want for the integration.
- You have the following information:
  - The website URL to which you want to redirect the users after authentication
  - The host URL that matches the domain of your redirect URI
- In the Studio, navigate to Settings > OAuth Clients.
- Click Create OAuth Client.
The Create a New OAuth Client dialog opens.
- Select one of the following options and provide the details:
- In the Client Name field, provide a name for the OAuth client.
- In the Scopes field, enter the permission scope for the request. For example, use groups:read:all to read the group information.
- In the Redirect URI field, provide the URL to which you want to redirect the users after authentication.
- In the Allowed CORS Origins field, provide the host URL that matches the domain of your redirect URI.
- Click Create.
You have created the OAuth client access.
You will be redirected to the OAuth overview page, which contains the details of the access you created.
- In the Client Name field, provide a name for the OAuth client.
- In the Scopes field, enter the permission scope for the request. For example, use groups:read:all to read the group information.
- In the Redirect URI field, provide the URL to which you want to redirect the users after authentication.
- In the Allowed CORS Origins field, provide the host URL that matches the domain of your redirect URI.
- Click Create.
The confirmation dialog opens.
- Click Copy Client Secret to store the Client Secret you will need later.
- Click Confirm.
You have created the OAuth client access.
You will be redirected to the OAuth overview page, which contains the details of the access you created.
- In the Client Name field, provide a name for the OAuth client.
- In the Scopes field, enter the permission scope for the request. For example, use groups:read:all to read the group information.
- Under Authentication, select one of the following to verify the identity of the OAuth client.
- Click Copy Client Secret to store the Client Secret you will need later.
- Click Confirm.
- In the JSON Web Key Set field, either leave the field empty to auto-generate the key or enter a key.
- Click Create.
- Click Copy JWKS and Copy Private Key to store the keys securely.
- In the JSON Web Key Set URI field, enter the endpoint for the web key set.
- Click Confirm.
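For the options above that take a Redirect URI and an Allowed CORS Origins value, the two can be checked against each other before you enter them in the dialog. The following Python check is an added example, not Staffbase code; the function names, the policy of allowing http only on loopback hosts, and the example.com URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: allowed over http for local development
DEFAULT_PORTS = {"https": 443, "http": 80}

def origin_of(parts):
    """Serialize scheme://host[:port] the way a browser compares origins."""
    if not parts.scheme or not parts.hostname:
        raise ValueError("not an absolute URL")
    scheme, host = parts.scheme.lower(), parts.hostname.lower()
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    port = parts.port  # raises ValueError on a malformed port
    if port in (None, DEFAULT_PORTS.get(scheme)):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"

def check_client_fields(redirect_uri, cors_origin):
    """Return a list of problems; an empty list means the two values agree."""
    try:
        r, c = urlsplit(redirect_uri), urlsplit(cors_origin)
        r_origin, c_origin = origin_of(r), origin_of(c)
    except ValueError as exc:
        return [f"unparseable value: {exc}"]
    problems = []
    if r.fragment:
        problems.append("redirect URI must not contain a fragment (RFC 6749, section 3.1.2)")
    for label, parts in (("redirect URI", r), ("CORS origin", c)):
        if parts.scheme.lower() != "https" and parts.hostname not in LOOPBACK:
            problems.append(f"{label} should use https outside loopback development")
    if c.path not in ("", "/") or c.query or c.fragment:
        problems.append("CORS origin must be scheme://host[:port] with no path or query")
    if r_origin != c_origin:
        problems.append(f"CORS origin {c_origin} does not match redirect origin {r_origin}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real Staffbase tenant.
    samples = [
        ("https://intranet.example.com/oauth/callback", "https://intranet.example.com"),
        ("https://intranet.example.com/oauth/callback", "https://example.com"),
        ("https://intranet.example.com/cb#done", "https://intranet.example.com/cb"),
    ]
    for redirect_uri, cors_origin in samples:
        print(redirect_uri, cors_origin, check_client_fields(redirect_uri, cors_origin) or "ok")
```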
Next Step
Use the generated OAuth client credentials in your application to initiate the correct OAuth flow.