In our organization, we are attempting to transition from using Basic Authentication to using OAuth for third party server-side applications as described here
We run an on-prem installation of Orchestrator 2021.4. As Basic Authentication will be removed in 2021.10, we are very interested in making the transition to OAuth sooner rather than later.
We have created and tested External Applications using both User Scope and Application Scope. It is my understanding that User Scope is intended for a live user as it requires human intervention to give consent during the authentication flow, so for our server-side applications we should use Application Scope. Is this assumption correct?
However, we cannot find any options for restricting access to specific Folders when using Application Scope. As with just about any other organization under the sun, ours has many different departments and we do not wish that an External Application used by department A has access to resources from department B.
Is it really true that the OAuth way of authenticating when using third party applications does not allow us to restrict access to certain folders on a per External Applcation basis? In my view, this is a major step back from Basic Authentication, where one was able to set fine-grained access on a specific User in Orchestrator.
It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.
First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.
You can check out some of our resources directly, see below:
Always search first. It is the best way to quickly find your answer. Check out the icon for that.
Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.
Topic that contains most common solutions with example project files can be found here.
Read our official documentation where you can find a lot of information and instructions about each of our products:
Meet us and our users on our Community Slack and ask your question there.
Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.
Thank you for helping us build our UiPath Community!
That is correct, although users don’t have to grant consent as the admin grants org-wide consent when registering the External Applications. However, applications leveraging User Scopes requires that a user is present and is able to enter their credentials in a user interface.
You are correct here as well. Our team has decided that we will delay the deprecation of Basic Authentication until we fill in the gaps in the scenarios such as the one you have described.
