OAuth Built-in Role

The C3.OAuthClient role provides full access to the actions on the OAuth Type. The OAuth Type manages OAuth 2.0 tasks, such as authorization flows, requesting and managing access tokens, and ensuring secure communication with the C3 Agentic AI Platform.

Copy link to this section

Use the C3.OAuthClient role

You can use the C3.OAuthClient role in multiple ways:

• Implicitly when you register an OAuth application
• When you develop a package and define access controls

Copy link to this section

Use the C3.OAuthClient role when you register an OAuth application

When you perform an OAuth 2.0 task, you register an OAuth application to generate credentials. Registering an OAuth application implicitly creates a user with the C3.OAuthClient role, so the application can authenticate and access APIs on behalf of the user.

Copy link to this section

Use C3.OAuthClient role during package development

You can expand on the C3.OAuthClient role when setting up access controls during package development by copying the JSON contents of the C3.OAuthClient role and adding additional permission strings.

To show the JSON contents of the C3.OAuthClient role, run the following command in C3 AI Console:

Role.forId("C3.OAuthClient").toJson()

Copy the contents of the JSON file and add permission strings to expand the role capabilities. Here's an example role JSON file for the role MyOAuthClient that expands on the C3.OAuthClient role:

{
  "id": "MyOAuthClient",
  "description": "Provides access to all actions on the OAuth Type."
  "permissions" : [
    "allow:OAuth::*",
    "allow:User::fetch"
  ]
}

The MyOAuthClient role allows full access to the methods on the OAuth Type and grants permission to fetch all users in the application.

Copy link to this section

See also

• OAuth 2.0 Authorization in the C3 Agentic AI Platform
• Generate an Access Token
• Define Permissions