From the Manage > OAuth clients page in the Control Room, authorized users can view and manage existing OAuth clients, based on the permissions listed below.

Two dedicated Control Room permissions govern who can view and manage OAuth clients.

Permission: Application Registration View
  • Grants read‑only access to the OAuth clients page.
  • Users can view the list of registered OAuth clients and their metadata.
  • Users cannot create, update, or delete OAuth clients.
Permission: Application Registration Manage
  • Grants full administrative access to OAuth clients page.
  • Users can create new OAuth clients, update configuration (such as redirect URIs and descriptions), and delete clients.

These permissions ensure only authorized users can control which applications are allowed to request tokens from Automation 360.

View registered OAuth clients

The OAuth clients page lists all the OAuth clients registered in the Control Room. For each client, you can view:View OAuth client details

  • Client ID - A unique identifier for the OAuth clients.
  • Client secret - A confidential secret associated with the client. The secret is masked by default and is intended to be stored securely by the external application.
  • Grant type - The grant types that the client is allowed to use, based on your configuration. Automation 360 supports the following OAuth 2.0 grant types:
    • Authorization Code
    • Authorization Code with PKCE
    • Refresh Token
  • Token URL endpoint - The endpoint used to exchange an authorization code or refresh token for a new access token.
  • Refresh URL endpoint - The endpoint used for refresh token flows, if different from the token URL.
  • Authorization URL endpoint - The endpoint used to initiate the Authorization Code or PKCE flow.

Users with Application Registration View permission can see these details but cannot modify or delete clients.

Edit an OAuth client

  1. Log in to Automation 360 Control Room.
  2. From the left navigation, select Manage.
  3. Navigate to OAuth clients. It lists all the OAuth clients registered in the Control Room.
  4. Select the OAuth client you want to edit.
  5. Click Edit.
  6. Update the allowed fields shown below:Edit OAuth client details
    • Application name
    • Application type
    • Description
    • Redirect URIs
      Note: You can add new redirect URIs or remove existing ones.
  7. Click Save changes.

When you update an existing client, you will see a warning stating that configuration changes might impact existing integrations using that client.

Delete an OAuth client

  1. Log in to Automation 360 Control Room.
  2. From the left navigation, select Manage.
  3. Navigate to OAuth clients. It lists all the OAuth clients registered in the Control Room.
  4. Click vertical ellipsis or more options icon ( vertical ellipsis icon) next to the Client ID of the application you want to remove.Delete OAuth client
  5. Click Delete OAuth client icon.
  6. Review the confirmation message and click Delete.

    Confirmation message to delete an OAuth client

Deleting a client removes its configuration from Control Room and prevents it from obtaining further tokens. Existing tokens continue to work until they expire, based on the configured Token expiration time and Refresh token lifetime.

Auditing

Control Room records the following events related to OAuth client registration and lifecycle management:

  • OAuth client created: Captures information such as application name, description, Client ID, redirect URIs, and other metadata when a new client is created.
  • OAuth client updated: Logs when any configuration of an existing OAuth client is modified, such as changing redirect URIs or descriptions.
  • OAuth client deleted: Logs when an OAuth client is removed from the Control Room.

These audit records support governance, compliance, and troubleshooting for administrators managing OAuth client registrations. See OAuth client audit entries