Update an OAuth 2.0 access token from a service

An OAuth 2.0 access token stored as a secret can be updated from a service. This can be used to refresh the token, either on demand from the API explorer, from another service or app, or using a schedule.

Before you create this service:

You must first create the secret where the access token should be stored. The secret must be environment-specific and cannot be locked.
The user or service account that runs the service must have a role that has been granted the permission Update Secret from Service > SECRET_NAME.
You should have the documentation for the external API available, as you will need to construct a web request to fetch the new access token and map the token sent in the response.

To see how to run the service on a set schedule, for example every 24 hours, see Run a service on a schedule.

1. Create/choose a service

If you have an existing service that you use for integration with the external API, you can open that service.

If you do not have an existing service, or if you you want to create a new service specifically to update the secret, create a new service.

Under Services, click New Service.
1. Enter a name.
2. Click Create Service.

2. Create a new endpoint

When called, the endpoint will trigger an action that runs a Web request to an external API to refresh the token. The token returned is temporarily stored in a Service variable before the secret is updated.

In the service:

Add a new endpoint or use the default endpoint that is created.
1. Enter a Name.
2. Check Enable Log to create a log entry every time the endpoint is run.
3. Verify that GET is selected under Methods.
Go to the Data tab.
1. Click Service Variables in the list of data sources.
2. Click Add Runtime Property.
3. Enter a name. This variable will be used for temporarily storing the token.
Go to the Actions tab.
1. Add a new action.
2. Add an Update object action node.
  1. For the Data Source property, select Service Variables.
  2. Under Values on update, set the token Service variable to null. This ensures the value is reset every time the service is run.
3. Add an Web request action node.
  1. Configure the request to fetch a new access token as per the format required by the external API.
  2. Add a Result Mapping.
  3. For the Data Source property, select Service variables.
  4. Map the access token key in the response to the token Service variable.
4. Add an If action node.
  1. For the Condition property, create a condition that checks if the token Service variable has a value.
5. Inside the If action node, add an Update secret action node.
  1. For the Secret property, select the secret you have created to store the access token.
  2. For the Value property, bind it to the Service variable containing the access token.
Go to the Endpoints tab.
1. For the Process Action property, select the action you just created.

Test the service to ensure the access token is returned and the secret is updated. Remember that the user or service account that runs the service must have a role that has been granted the permission Update Secret from Service > SECRET_NAME.

PreviousWorkflow automation NextAuthentication and access control

Last updated 5 months ago

Was this helpful?