OAuth2 Client Credentials
The OAuth2 credentials tab allows users to create credentials that you can use to connect shared capabilities such as Planview OKRs to other tools that need access data from those capabilities such as Power BI.
This article will show you how to manage and generate OAuth2 credentials in Planview Admin. To learn how to use your credentials to connect to Planview OKRs, see Accessing Planview OKR Data with OData.
OAuth2 credentials table
OAuth2 client credentials are displayed in a table in the OAuth2 credentials tab. The table displays the following information.
| Header | Description |
|---|---|
| Name | The name of the credentials. |
| Application | The application the credentials are used to access. |
| Created on | The date the credentials were created. |
| Created by | The user that created the credentials. |
| Last used on | The latest date the credentials were used. |
| Revoked on | The date the credentials were revoked. This field will be blank if the credentials are still active. |
| Revoked by | The user that revoked the credentials. This field will be blank if the credentials are still active. |
| ID | The client ID generated when the credentials were created. |
Managing OAuth2 credentials
To add new OAuth2 client credentials:
- In the OAuth2 credentials tab, click Create OAuth2 credentials.
- Name your credentials and select an application form the dropdown.
- Click the Create OAuth2 credentials button. A new modal will appear with a client ID and Secret.
- Copy the ID and Secret and store them in a secure location. You can click the icons to the right of each field to copy them to your clipboard.
- Click Close.
WARNING
For security reasons, you cannot view the client Secret once you click Close. Please make sure that you completed Step 4. Publicly exposing your credentials can leave your account vulnerable to unexpected or malacious actors.
The new credentials are added to the credentials table.
To revoke existing credentials:
- In the credentials table, click on the three dots at the end of the row that belongs to the credentials you want to revoke.
TIP
To revoke multiple credentials at once, check the boxes next to the credentials you want to revoke, open the Actions menu in the upper right corner of the page, and click Revoke credentials.
- Click Revoke credentials.
- In confirmation modal that appears, click the Revoke credentials button.
WARNING
Proceeding with this action will immediately invalidate the authentication for any selected credentials. This action cannot be undone. Any integration using the selected credentials for authentication will immediately lose access to its associated products. You will need to reconfigure the authentication to continue accessing any product connected to the selected credentials.
The selected credentials will be revoked.
Using OAuth2 credentials
The OAuth2 credentials can be used with the OAuth2 Client Credentials flow to obtain an access token. This access token can then be used to access APIs such as for OKRs reporting.
Make a POST request to https://<region>.id.planview.com/io/v1/oauth2/token where <region> is one of "us", "eu" or "ap". For example:
curl -X POST https://<region>.id.planview.com/io/v1/oauth2/token \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'grant_type=client_credentials' \ -d 'client_id=<Client ID>' \ -d 'client_secret=<Client Secret>'
The response of the above command will be:
{
"access_token": <bearer token>,
"id_token": <idToken>,
"expires_in": <expiresIn>,
"token_type": <tokenType>
}
The the access token can then be used as a bearer token header on API requests:
Authorization: Bearer <bearer token>