SarahS.89561 (Customer) asked a question.
Following the below guidance to trigger a flow in Workflows, however, I can't locate the okta.workflows.invoke.manage scope that the guidance says you should grant
Also when adding an api endpoint in Workflows there is no option for Secure with OAuth 2.0
Am I missing somethere here
https://help.okta.com/wf/en-us/content/topics/workflows/execute/flow-api-endpoint.htm
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
@SarahS.89561 (Customer) -- Unless you are attempting to utilize the new EA feature to "further secure" the API Endpoint . The scope was from this section:
Secure with OAuth 2.0
Limited Early Access release
Use the following procedure to invoke the API endpoint for a flow using a secure OAuth 2.0 client credential exchange. This process requires a private JWT key.
By default it doesn't require anything more than specifying the invoke URL. This can be done even in a browser which will perform a GET method.
One hangup that people run into however is that they "add" the API Endpoint card and the flow has not yet ever been saved. So you end up with this:
https://tlaborninc.workflows.okta.com/api/flo/<alias>/invoke?clientToken=<client-token>
Notice the "variables" denoted by <value>. This occurs because the flow doesn't actually exist yet so no values have been created to populate those variables. If you create a flow, give it a name, save it & then add the API endpoint it will look like such:
https://tlaborninc.workflows.okta.com/api/flo/d8ecrandomcharactersc622f77/invoke?clientToken=3e0ca386randomcharactersc4292d3frandomcharactersc4e3da73f68d3bda2
Just taking that URL and dropping it in your browser will Invoke the endpoint (assuming the flow is in on ON state).
Hi Tim
Thanks for the info, what I am actually trying to do is trigger a flow based on an event in Ceridian Dayforce, the options for the connection are either Oauth 2.0 or username and password, see below
Help
@SarahS.89561 (Customer) -- Interesting. So the "Webhook URL" in this instance is the destination location (per their documentation)? And do you receive an error when using basic and providing "garbage values" for user/pass?
The reason I am asking is using an API Connector "POST" to the API Endpoint in another flow with basic auth selected is successful in Workflows. The API Endpoint isn't going to by default send any sort of of auth challenge response. But this also means if the sending side "Won't continue if the challenge doesn't occur" then I could see the process failing.
@TimL.58332 (Workflows) Hi Tim, it works with rubbish values but that's not very secure, that would indicate that anything can invoke the flow
I've had the early access feature enabled for OAuth 2.0 but just need to workout how to use that