On this page

OAuth is an open-standard authorization protocol. It allows you to authorize API access to Teamwork Cloud Admin and other modeling tools. Once access has been granted, the authorized application can utilize the API on behalf of the user. Only users with Configure Server permission can create and manage client keys. After creating the key, you must approve it, which can be done in the Client keys (Consumer keys for OAuth 1.0a) data table. When the client key is approved, its status will change to Approved. This feature enables you to easily change the status of client keys, allowing you to control users' sign-in requests. 

The client key is unique, but the assigned client name and client secret can be changed. If changes occurred, the Administrator should provide a new client name and secret to the user. 

The supported client types are OAuth 1.0a, OAuth 2.0*, and OpenID Connect

*OAuth 2.0, which stands for “Open Authorization”, is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. OAuth 2.0 provides consented access and restricts actions of what the client app can perform on resources on behalf of the user, without ever sharing the user's credentials.


Creating the OAuth client keys

To create a OAuth 1.0a client


  1. In the Settings application, go to the OAuth clients page. 
  2. Select a client type tab - OAuth 1.0a.

    You can also choose the Client type in the client creation dialog.


  3. In the right-bottom corner, click the Create client button.
  4. In the open dialog, enter the Consumer name and Consumer secret.
  5. Re-type the consumer secret.
  6. Click Save.


To create a OAuth 2.0 or OpenID Connect client


  1. In the Settings application, go to the OAuth clients page. 
  2. Select a client type tab - OAuth 2.0 or OpenID Connect.

    You can also choose the Client type in the client creation dialog.


  3. In the right-bottom corner, click the Create client button.
  4. In the open dialog, enter the Client name and Client secret.
  5. Re-type the client secret.
  6. Enter Redirect URIs. Multiple enties are available by pressing enter after each URI.
  7. Choose the needed Grant types and Response types.
  8. Click Save.


When you click the Save bytton, a client key (consumer key for OAuth 1.0a) is immediately generated and added to the Client keys data table. Now, to activate the new client key, you have to approve it


Supported Grant and Response types

Client typeGrant typesResponse types
OAuth 2.0

authorization_code

password

refresh_token

urb:ietf:params:oauth:grant-type:device_code

code

token

OpenID Connect

authorization_code

password

refresh_token

urb:ietf:params:oauth:grant-type:device_code

code

code id_token

code id_token token

code token

id_token

id_token token

Actions with created client keys

To edit the client name, secret, or redirect URIs


  1. In the client key table, indicate the client key row you want to change.
  2. At the end of a needed row, click  and select Edit. The confirmation dialog opens.
  3. In this dialog, change the client name, client secret, or redirect URIs (for OAuth 2.0 and OpenID Connect) . Note that the client key is unique and cannot be changed. 
  4. Click Save to save changes. 


To approve or disapprove the client key


  1. In the client key table, indicate the client key row you want to approve (or disapprove). 
  2. At the end of a needed row, click  and select Approve (or Disapprove). The confirmation dialog opens.
  3. In this dialog, confirm that this client key will be approved (or disapproved). 


To remove a client key


  1. In the client key table, indicate the client key row you want to change
  2. At the end of a needed row, click  and select Remove. The confirmation dialog opens.
  3. Click Remove to permanently remove client key.