Skip to main content

OAuth 2.0 authorization

The $http service allows executing HTTP requests with authorization using the OAuth 2.0 protocol.


The preferred way to integrate the bot with popular services that require OAuth 2.0 authorization is to use the built-in $integration service rather than $http.


To enable OAuth 2.0 authorization, add the oauth2ResourceDetail property to the settings you pass to $http.query or $http.config. It should be an object with the following properties:

  • grantType.


    JAICP only supports grant types that don’t require a user to navigate to an external authorization service. For example, client_credentials is supported, while authorization_code isn’t.

  • accessTokenUrl — the endpoint where JAICP will submit all requests to issue or renew an access token.

  • clientId issued by the resource server when registering the application.

  • clientSecret issued by the resource server when registering the application.


oauth2ResourceDetail may contain other properties as well: their exact set depends on the resource server.

How to use

If a bot user is the one who needs authorization, every user should use their own credentials.

state: UserName
q!: * what [is/'s] my name *
$temp.response = $http.query("", {
oauth2ResourceDetail: {
grantType: "client_credentials",
accessTokenUrl: "",
clientId: "bot",
// The client secret should be obtained from the user.
clientSecret: $client.secret,
// Other properties
parameterIncludes: { realm: "/customer" },
tokenPrefix: "sso_1.0_"
if: $temp.response.isOk
a: Your name is {{$}}.
a: I don’t know…