Creating Portal Apps

Creating a Portal OAuth app

You will need to create a Portal App.

  1. Log into the Portal Tools using your Portal account
  2. Click the Create New App button.
  3. In "Name", type the name of your app.
  4. In "Logo URL", type the URL for the logo (optional).
  5. On the "Configure your app" screen, enter the redirect URLs (e.g. https://app.example.com/auth/callback).
  6. Choose the applicable grant types.
  7. Choose the app authentication mode.
    • Public - For apps that authenticate with PKCE and cannot keep a secret (e.g. JavaScript apps).
    • Private - For server-to-server auth flows, where the app can keep a client secret.
App parameters

name (string)
    The name of the OAuth app.

callbacks (string[])
    An array of strings. Each string must be a valid URL; these are the redirect URLs entered in step 5.

grantTypes (string[])
    The grant types the app is permitted to use:
    - authorization_code - Required for authorization flows; it requires the code response type to be present.
    - refresh_token - Required to permit the use of refresh tokens.
    - client_credentials - Permits the client credentials flow, in which the client authenticates as the owner of its own resources (e.g. games) rather than on behalf of a user.
    - urn:ietf:params:oauth:grant-type:device_code - Lets clients use the device authorization flow (RFC 8628: OAuth 2.0 Device Authorization Grant) to authenticate users. This grant type is only permitted for public clients, because the token endpoint authentication method (authMethod) must be none.

clientType (string)
    Private clients must provide both the client id and the client secret to exchange an authorization code for an access token.

    When the clientType is set to private, the token_endpoint_auth_method is set to client_secret_post: the client credentials are sent in the POST body.

    When the clientType is set to public, the token_endpoint_auth_method is none: the client is registered as a public client, which cannot use a client secret (required for PKCE and device authorization flows).

    Native apps (see Native Apps below) set the clientType to native.

authMethod (string)
    String indicator of the requested authentication method for the token endpoint. The values, as defined in RFC 7591 section 2 (https://datatracker.ietf.org/doc/html/rfc7591#section-2), are:
    - "none": The client is a public client as defined in OAuth 2.0, Section 2.1, and does not have a client secret.
    - "client_secret_post": The client uses the HTTP POST parameters as defined in OAuth 2.0, Section 2.3.1.
    - "client_secret_basic": The client uses HTTP Basic as defined in OAuth 2.0, Section 2.3.1.
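
As an added example (not Portal's own client code), the following Python shows what each clientType/authMethod combination means on the wire when the app exchanges an authorization code at the token endpoint: a public client sends client_id plus the PKCE code_verifier and no secret, a private client registered with client_secret_post puts client_id and client_secret in the POST body, and client_secret_basic puts them in an HTTP Basic header instead. The client ids, secrets, codes and redirect URI used at the bottom are constructed placeholders and nothing is sent to a server.

```python
"""What each Portal authMethod looks like on the wire at the token endpoint.

Added example, not Portal's client code. Client ids, secrets, codes and the
redirect URI used at the bottom are constructed placeholders; nothing is sent.
"""
import base64
import hashlib
import secrets
from urllib.parse import quote, urlencode


def make_code_verifier(nbytes=32):
    """Random PKCE code_verifier (RFC 7636 4.1): base64url of 32 bytes is 43 chars."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier):
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_request(client_type, auth_method, client_id, code, redirect_uri,
                  code_verifier=None, client_secret=None):
    """Return (headers, form_body) for the authorization_code exchange.

    public/native + none:          client_id and code_verifier in the body, no secret
    private + client_secret_post:  client_id and client_secret in the body
    private + client_secret_basic: client_id:client_secret as HTTP Basic (RFC 6749 2.3.1)
    """
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}

    if client_type in ("public", "native"):
        if auth_method != "none":
            raise ValueError("public clients must be registered with authMethod none")
        if client_secret is not None:
            raise ValueError("public clients cannot hold a client secret")
        if not code_verifier:
            raise ValueError("public clients must send the PKCE code_verifier")
        params["code_verifier"] = code_verifier
    elif client_type == "private":
        if not client_secret:
            raise ValueError("private clients must present client id and client secret")
        if auth_method == "client_secret_post":
            params["client_secret"] = client_secret
        elif auth_method == "client_secret_basic":
            # RFC 6749 2.3.1: form-urlencode id and secret before joining them with ':'
            cred = quote(client_id, safe="") + ":" + quote(client_secret, safe="")
            headers["Authorization"] = "Basic " + base64.b64encode(cred.encode("ascii")).decode("ascii")
        else:
            raise ValueError("private clients must use client_secret_post or client_secret_basic")
    else:
        raise ValueError(f"unknown clientType: {client_type!r}")
    return headers, urlencode(params)


if __name__ == "__main__":
    redirect = "https://app.example.com/auth/callback"  # constructed placeholder
    verifier = make_code_verifier()
    print("code_challenge for the authorization request:", code_challenge_s256(verifier))
    print(token_request("public", "none", "spa-client", "AUTHCODE", redirect, code_verifier=verifier))
    print(token_request("private", "client_secret_post", "server", "AUTHCODE", redirect, client_secret="s3cret"))
    print(token_request("private", "client_secret_basic", "server", "AUTHCODE", redirect, client_secret="s3cret"))
```

The code_challenge goes in the authorization request and the code_verifier in the token request, so a stolen authorization code is useless without the verifier; this is why a public client registered with authMethod none still gets a usable level of protection. The Portal sets private clients to client_secret_post, so the client_secret_basic branch is included only to show the third RFC 7591 value.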

Native Apps

Native apps are used for platforms such as Unity or Unreal. Native apps require a specific format for their redirect URIs (the callbacks array).

When the clientType is set to native, each redirect URI must use a reverse-domain custom scheme, for example org.example.photoprintr://auth/callback, as described at https://www.oauth.com/oauth2-servers/oauth-native-apps/redirect-urls-for-native-apps
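
The rules spread across the parameter table and this section are easy to get wrong when an app definition is assembled by hand, so here is an added example (not Portal's code) that checks a definition against them before it is submitted. Field names follow the parameter table; the rule set is an assumption derived from the descriptions on this page, with three additions marked ASSUMPTION in the code: web redirect URLs must be https with no fragment, client_credentials is only accepted for private clients, and authorization_code needs at least one callback. The sample definitions at the bottom are constructed.

```python
"""Check a Portal OAuth app definition against the rules on this page.

Added example, not Portal's code. Field names follow the parameter table
(name, callbacks, grantTypes, clientType, authMethod). The rule set is an
assumption derived from the page; rules marked ASSUMPTION are not stated there.
"""
from urllib.parse import urlsplit

DEVICE_CODE = "urn:ietf:params:oauth:grant-type:device_code"
ALLOWED_GRANTS = {"authorization_code", "refresh_token", "client_credentials", DEVICE_CODE}
ALLOWED_AUTH_METHODS = {"none", "client_secret_post", "client_secret_basic"}
CLIENT_TYPES = {"public", "private", "native"}


def is_web_callback(url):
    """Redirect URL for public/private clients: absolute https, with a host, no fragment.
    ASSUMPTION: the page only requires a valid URL; https-only and no-fragment are
    standard OAuth hardening added here."""
    p = urlsplit(url)
    return p.scheme == "https" and bool(p.hostname) and not p.fragment


def is_native_callback(url):
    """Redirect URI for native clients: reverse-domain custom scheme such as
    org.example.photoprintr://auth/callback (at least two dotted labels, not http/https)."""
    p = urlsplit(url)
    labels = p.scheme.split(".")
    return (
        p.scheme not in ("", "http", "https")
        and len(labels) >= 2
        and all(label and label[0].isalpha() for label in labels)
        and bool(p.netloc or p.path)
    )


def validate_app(app):
    """Return a list of problems; an empty list means the definition is acceptable."""
    problems = []

    name = app.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name: must be a non-empty string")

    client_type = app.get("clientType")
    if client_type not in CLIENT_TYPES:
        problems.append("clientType: must be public, private or native")

    auth_method = app.get("authMethod")
    if auth_method not in ALLOWED_AUTH_METHODS:
        problems.append("authMethod: must be none, client_secret_post or client_secret_basic")
    elif client_type in ("public", "native") and auth_method != "none":
        # public clients cannot keep a secret, so only 'none' is valid for them
        problems.append("authMethod: public and native clients must use none")
    elif client_type == "private" and auth_method == "none":
        problems.append("authMethod: private clients must authenticate with a client secret")

    grants = app.get("grantTypes") or []
    for grant in grants:
        if grant not in ALLOWED_GRANTS:
            problems.append(f"grantTypes: unknown grant type {grant}")
    if DEVICE_CODE in grants and auth_method != "none":
        problems.append("grantTypes: device_code is only permitted when authMethod is none")
    if "client_credentials" in grants and client_type != "private":
        # ASSUMPTION: client_credentials needs a secret, so only private clients may use it
        problems.append("grantTypes: client_credentials is only permitted for private clients")

    callbacks = app.get("callbacks", [])
    if not isinstance(callbacks, list) or not all(isinstance(c, str) for c in callbacks):
        problems.append("callbacks: must be an array of strings")
        callbacks = []
    if "authorization_code" in grants and not callbacks:
        # ASSUMPTION: the code flow cannot complete without a registered redirect URL
        problems.append("callbacks: authorization_code needs at least one redirect URL")
    check = is_native_callback if client_type == "native" else is_web_callback
    for url in callbacks:
        if not check(url):
            problems.append(f"callbacks: not a valid {client_type} redirect URL: {url}")
    return problems


# Constructed sample definitions (not from the page).
PUBLIC_WEB_APP = {
    "name": "Example SPA",
    "callbacks": ["https://app.example.com/auth/callback"],
    "grantTypes": ["authorization_code", "refresh_token"],
    "clientType": "public",
    "authMethod": "none",
}
PRIVATE_SERVER_APP = {
    "name": "Example game server",
    "callbacks": [],
    "grantTypes": ["client_credentials"],
    "clientType": "private",
    "authMethod": "client_secret_post",
}
NATIVE_APP = {
    "name": "Example native client",
    "callbacks": ["org.example.photoprintr://auth/callback"],
    "grantTypes": ["authorization_code", "refresh_token", DEVICE_CODE],
    "clientType": "native",
    "authMethod": "none",
}
BAD_APP = {  # six problems: empty name, secret on a public client, unknown grant,
    "name": "",  # device_code without authMethod none, and two bad redirect URLs
    "callbacks": ["http://localhost/cb", "https://app.example.com/cb#token"],
    "grantTypes": ["authorization_code", DEVICE_CODE, "implicit"],
    "clientType": "public",
    "authMethod": "client_secret_post",
}

if __name__ == "__main__":
    for label, app in [("public", PUBLIC_WEB_APP), ("private", PRIVATE_SERVER_APP),
                       ("native", NATIVE_APP), ("bad", BAD_APP)]:
        print(label, validate_app(app) or "ok")
```

Run it before filling in the Portal form: the bad definition shows the combinations the page forbids (a secret-based authMethod on a public client, device_code without authMethod none) alongside redirect URLs that would pass a plain "is it a URL" check but should not be registered.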