Roles and rights (based on the manager role) must be assigned to users before they can access the Smart API.
The following image shows the configuration parameters (in a REST client) for authorization using PKCE.
This applies to all identity providers (IdPs), such as the Smart Completions authentication server, Smart API Manager, Okta, or Azure AD.
To get an access token using the Smart Completions authentication server as the IdP, see Using Postman.
The following table lists the parameters involved in the OAuth 2.0 authorization process when using the Proof Key for Code Exchange (PKCE) authorization flow.
| Parameter | Type | Description |
|---|---|---|
| Grant Type | Required | Set to authorization_code for the authorization code flow. |
| Callback URL | Required | The redirect_uri of your app, where authentication responses are sent to and received by your app. It must exactly match one of the redirect URIs registered in the identity provider, except that it must be URL-encoded. |
| Auth URL | Required | The endpoint of the Smart Completions authentication server from which the authorization code is retrieved. |
| Access Token URL | Required | The endpoint of the Smart Completions authentication server at which an authorization code is exchanged for an access token. |
| Client Id | Required | The ID assigned to your application by the IdP. |
| Client Secret | Optional | The application secret that you created for your app in the app registration portal. |
| Code Challenge Method | Recommended/Required | The method used to encode the code_verifier for the code_challenge parameter. This must be SHA256, although the specification allows plain if the client cannot support SHA256. |
| Code Verifier | Recommended | The same code_verifier that was used to obtain the authorization code. Automatically generated when undefined. |
| Scope | Required | A space-separated list of scopes. The scopes must all belong to a single resource, together with the OIDC scopes (profile, openid, email). |
| State | Optional | A value included in the request that is also returned in the token response. It can be a string of any content you wish. |
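The following added example (not code from the Smart Completions product or its documentation) shows how the table's PKCE parameters fit together: the code_challenge is derived from the code_verifier with S256, the redirect_uri is URL-encoded in the authorization request, and at token exchange the server checks that the presented verifier hashes to the challenge bound to the authorization code. The endpoint URLs and client_id are constructed placeholders.

```python
"""PKCE (RFC 7636) helpers: verifier/challenge derivation, the authorization
request built from the table's parameters, and the server-side check."""
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholder values; use the URLs and client_id registered in your IdP.
AUTH_URL = "https://idp.example.test/oauth2/authorize"
ACCESS_TOKEN_URL = "https://idp.example.test/oauth2/token"
CLIENT_ID = "example-client-id"
CALLBACK_URL = "https://app.example.test/callback"


def make_code_verifier(nbytes: int = 32) -> str:
    # 32 random bytes -> 43 unreserved characters (RFC 7636 allows 43..128).
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(code_verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding.
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(code_verifier: str, scope: str, state: str) -> str:
    """Authorization request to the Auth URL; urlencode URL-encodes redirect_uri."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "scope": scope,  # space-separated, e.g. "openid profile email"
        "state": state,
        "code_challenge": code_challenge_s256(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTH_URL}?{urlencode(params)}"


def token_request_body(code: str, code_verifier: str) -> dict:
    """Form body POSTed to the Access Token URL; grant_type is authorization_code."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }


def verifier_matches_challenge(code_verifier: str, stored_challenge: str) -> bool:
    """Authorization-server check at token exchange: the verifier presented now
    must hash to the challenge that was bound to the authorization code."""
    return secrets.compare_digest(code_challenge_s256(code_verifier), stored_challenge)
```

The RFC 7636 Appendix B test vector (verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk, challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM) can be used to confirm the S256 derivation.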
An access token is a long string of characters, for example: