On this page


Other web applications can integrate with Authentication server through OAuth 2.0 protocol to authenticate users and access Teamwork Cloud REST API on behalf of those users.

Authentication server behaves as OAuth 2.0 Authorization Server. Web applications that need access to Teamwork Cloud REST API on behalf of an authenticated user should implement OAuth 2.0 Client functionality according to OAuth 2.0 protocol specification.

OAuth 2.0 integration

See OAuth 2.0 specification for more details.

Authentication server provides a JSON with all endpoints required for the integration. This JSON can be retrieved using https://<server_host>:8443/authentication/.well-known/oauth2.0-configuration endpoint. This JSON also returns supported response types and grant types.

Example JSON:

{

  "response_types_supported": [

    "token",

    "code"

  ],

  "device_authorization_endpoint": "https://localhost:8443/authentication/api/oauth2/device_code",

  "jwks_uri": "https://localhost:8443/authentication/jwks.json",

  "grant_types_supported": [

    "urn:ietf:params:oauth:grant-type:device_code",

    "refresh_token",

    "password",

    "authorization_code"

  ],

  "registration_endpoint": "https://localhost:8443/authentication/api/oauth2/register",

  "token_endpoint_auth_methods_supported": [

    "client_secret_basic"

  ],

  "scopes_supported": [],

  "issuer": "https://localhost:8443/authentication",

  "authorization_endpoint": "https://localhost:8443/authentication/oauth2/authorize",

  "token_endpoint": "https://localhost:8443/authentication/api/oauth2/token"

}


Authentication server supports the following authorization grants:

 

OAuth 2.0 client registration

To register OAuth 2.0 clients:

    1. Use the web UI: go to the Settings app of Web Application Platform and search for OAuth 2.0 tab in the OAuth clients section.
    2. Use registration_endpoint API: (see the example JSON).
      Example client registration request when using API:


POST https://localhost:8443/authentication/api/oauth2/register

BODY:

{

           client_name: “Client name”,

           redirect_uris: [“redirect uri”] // comma separated URIs

}


Limitations of the client registration endpoint:

  • You cannot provide supported grant types or response types – default options are set.
  • Authentication server generates the client secret automatically.

However, you can update all of these attributes any time in the OAuth clients section of the Settings app (i.e. using the web UI).

Teamwork Cloud REST API access

After the OAuth 2.0 client gets an access token after user authentication, it can call Teamwork Cloud REST API endpoints by providing the following header:

Authorization: Bearer <access token>