ROPC flow Authentication Objects
In our ongoing efforts to expand integration capabilities, we are introducing a new Generic ROPC (Resource Owner Password Credentials) flow in Authentication Objects. This enhancement allows integration with any provider that supports ROPC, giving users greater flexibility in connecting their authentication processes with external systems.
Generic ROPC flow
ROPC flow is a simple authentication method where users provide their credentials (username and password) directly to obtain an access token. This flow is particularly useful in scenarios where interactive login is not possible, such as system-to-system authentication or secure backend service connections.
With our new Generic ROPC Authentication Object, users can now configure authentication by providing only the essential parameters:
- Token URL – the endpoint where authentication requests are sent
- Username and Password – credentials for authentication
Optional fields allow for greater control and flexibility:
- Refresh Token URL – if the provider supports refresh tokens, this can be specified to maintain access without repeated logins
- Client ID and Client Secret – required by some providers for additional security
- Scope – defines the level of access granted by the token
Expiry Date feature
Beyond introducing ROPC, we are also enhancing all Authentication Objects with an Expiry Date feature. This ensures that secrets with expiration policies are managed proactively, preventing unexpected authentication failures.
Now, when setting up an Authentication Object, users can set an expiry date for credentials and specify which parameters it applies to (for example, client secrets). This feature allows for better oversight by enabling users to filter Authentication Objects by the expiry date, making it easier to track and renew credentials before they lapse.
Additionally, automated notifications can be configured via the Sequencer to send email reminders when expiration is approaching, ensuring uninterrupted access.
Summary
These updates streamline authentication configuration, making it easier to integrate with external providers while also improving security and credential management.
The new Generic ROPC Authentication Object, paired with our Expiry Date feature, gives you control over your authentication processes. You can now properly configure, monitor, and maintain your credentials with clear visibility into expiration timelines. Set up your automated notifications, stay ahead of credential renewals, and ensure your integrations remain secure and fully operational at all times.