Orchestrator API OAuth Permissions


In our organization, we are attempting to transition from using Basic Authentication to using OAuth for third party server-side applications as described here


We run an on-prem installation of Orchestrator 2021.4. As Basic Authentication will be removed in 2021.10, we are very interested in making the transition to OAuth sooner rather than later.

We have created and tested External Applications using both User Scope and Application Scope. It is my understanding that User Scope is intended for a live user as it requires human intervention to give consent during the authentication flow, so for our server-side applications we should use Application Scope. Is this assumption correct?

However, we cannot find any options for restricting access to specific Folders when using Application Scope. As with just about any other organization under the sun, ours has many different departments and we do not wish that an External Application used by department A has access to resources from department B.

Is it really true that the OAuth way of authenticating when using third party applications does not allow us to restrict access to certain folders on a per External Applcation basis? In my view, this is a major step back from Basic Authentication, where one was able to set fine-grained access on a specific User in Orchestrator.

Hopefully we are missing a key point?

1 Like

Hello @hbpe!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. Topic that contains most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly

That is correct, although users don’t have to grant consent as the admin grants org-wide consent when registering the External Applications. However, applications leveraging User Scopes requires that a user is present and is able to enter their credentials in a user interface.

You are correct here as well. Our team has decided that we will delay the deprecation of Basic Authentication until we fill in the gaps in the scenarios such as the one you have described.

We will be updating our docs and warnings soon.

Thank you for sharing this feedback.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.