The KB uses OAuth 2.0 to allow provisioned users to request API tokens for use within an application. This document describes the process and policy regarding OAuth requests to access the KB's Private API layer.
OAuth Provisioning Policy
The following conditions must be met in order to make an oAuth request:
- The requester must have the same or higher level of access as the OAuth account they are requesting.
- The request must be for a group space to which the requester has access
- The request must only necessitate group space permissions that are matched or exceeded by the requester's own permissions
- The request must be sent from an email address associated with an existing KB user account, which must meet the requirements above.
OAuth requests can be sent to firstname.lastname@example.org.
When making an OAuth request, please supply the following information:
- Your name (First, Last)
- The KB group space whose data the OAuth account will be accessing
- The existing KB user account within the above group space that the oAuth account should be tied to. The OAuth account will have the same permissions as this user account (e.g. Internal site access, User Access Group membership, etc.)
- Note: To keep your site data as secure as possible, we recommend tying your OAuth account to a KB user account has the minimum required permissions based on how the OAuth account will used. For example, if the OAuth account does not need access to read access-restricted documents, do not tie it to a user account with User Access Group membership.
- Whether the account needs access to external site data, internal site data, or both
Once the KB Team has reviewed your request, we will follow up with you directly to provide you with your account information.