Authentication types supported in Worksoft SaaS and their Usage
Worksoft SaaS wsCONNECT works well with any RESTful services and SOAP Services.
The authentication types supported by Worksoft SaaS wsCONNECT are:
Authentications supported:
- HTTP Basic, HTTP Digest & oAuth 2.0 for Restful services
- HTTP Basic for SOAP services
Auth type: HTTP Basic (for RESTful and SOAP services)
There are basically three commands that you need to use for setting up basic authentication. These are
- wsAuthenticationType
- wsSetUsername
- wsSetPassword
Auth type: HTTP Digest
- wsAuthenticationType
- wsSetAlgorithm
- wsSetUsername
- wsSetPassword
Auth type: OAuth 2.0
Of the authentication types supported by Worksoft SaaS, OAuth requires more steps/commands to configure the authentication. This is because of the number of ways OAuth can be implemented by different applications. Worksoft SaaS supported following types of grants.
- Authorization Code. Refer to example here for how to automate in Worksoft SaaS
- Authorization Code (with PKCE). Refer to example here for how to automate in Worksoft SaaS
- Client Credentials. Refer to example here for how to automate in Worksoft SaaS
- Implicit. Refer to example here for how to automate in Worksoft SaaS
- Password &
- Refresh Token
Note: Of these grant types, "client credentials" is mostly used for traffic between two APIs. In most of our customer implementations we see this grant type used.
To support these 6 grant types, Worksoft SaaS uses below set of commands.
- setClientIdForOAuth
- setAccessTokenURLForOAuth
- setAuthorizationURLForOAuth
- setAuthorizeLocatorForOAuth
- setClientAuthenticationForOAuth
- setClientSecretForOAuth
- setCodeChallengeMethodForOAuth
- setCodeVerifierForOAuth
- setGrantTypeForOAuth
- setPasswordForOAuth
- setRedirectURLForOAuth
- setRefreshTokenForOAuth
- setScopeForOAuth
- setStateForOAuth
- setUserNameForOAuth
And below table illustrates where to use these commands i.e. for which grant type you need to use which set of commands.
setClientIdForOAuth
| Command | Authorization Flow | Authorization Flow with PKCE | Implicit Flow | Client Credentials | Password Flow | Refresh Flow |
|---|---|---|---|---|---|---|
| setClientIdForOAuth | Yes | Yes | Yes | Yes | Conditional | Yes |
| setClientSecretForOAuth | Yes | Yes | Yes | Yes | Conditional | Yes |
| setRedirectURLForOAuth | Yes | Yes | Yes | No | No | No |
| setScopeForOAuth | Optional | Optional | Optional | Optional | Optional | Optional |
| setStateForOAuth | Optional | Optional | Optional | Optional | Optional | Optional |
| setGrantTypeForOAuth | Yes | Yes | Yes | Yes | Yes | Yes |
| setAuthorizationURLForOAuth | Yes | Yes | Yes | No | No | No |
| setAccessTokenURLForOAuth | Yes | Yes | No | Yes | Yes | Yes |
| setClientAuthenticationForOAuth | Optional | Optional | Optional | Optional | Optional | Optional |
| setCodeChallengeMethodForOAuth | No | Optional | No | No | No | No |
| setCodeVerifierForOAuth | No | Optional | No | No | No | No |
| setAuthorizeLocatorForOAuth | Yes | Yes | Yes | No | No | No |
| setRefreshTokenForOAuth | No | No | No | No | No | Yes |
| setUserNameForOAuth | No | No | No | No | Yes | No |
| setPasswordForOAuth | No | No | No | No | Yes | No |