Adding Users

Click the icon in the Add User column next to the application that was created in the previous steps.

This will initiate a wizard. As a first step, select a name for the user. This doesn't need to map to the username used by the service provider but will only be used inside the Management Console.

In the next screen there is an authorization link that must be clicked.

Clicking the link will take you to the service provider's website. At Twitter, this looks as follows:

Enter the username and password and click Authorize app. The service provider now forwards us to the callback URL and if the authorization was successful, you should see this page:

Close the browser tab and return to the Management Console. Click Next in the wizard and you will see the access tokens that can be used for accessing the service provider on the user's behalf. They have been securely stored in the Management Console's key store and can now be used as input to schedules. However, because we will need some sample access tokens as test input for the robot that we will build in a later step, copy the values into a text editor such as Notepad. For security reasons, you will not be able to retrieve them from the key store in unencrypted form after having clicked Finish.

At Twitter, we get both an access token and an access token secret. Service providers that use OAuth 2.0 do not use an access token secret, so they will only return an access token. Some service providers will additionally return a refresh token. This is used when the access tokens returned by the service provider are only short-lived. Robots can then use the refresh token to obtain new access tokens without a user having to re-authorize through the Management Console. To create robots against the API of a service provider, one must copy all of the tokens displayed at the final step of the wizard.

After clicking Finish, we should now see a user in the Users section of the OAuth tab.

Note that if you later edit the user, the access token, access token secret and refresh token will be displayed as "(encrypted)" for security reasons. To change any of these, simply replace this value in the input field with the value; otherwise, leave as-is when editing a user.

Next, we will show how to write a robot that accesses an API that uses OAuth.