# Setup Authorization code flow

## Setup overview in OData connector configuration

<figure><img src="/files/o4ZdFSskY8XG7olFkp1Y" alt=""><figcaption></figcaption></figure>

### Setup

#### Auth URL

Get **Authority URL** value from IFS Cloud.

{% content-ref url="/pages/pehKlFbKxppGwLyn2F5y" %}
[Obtaining Authentication related URLs from IFS Cloud](/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/obtaining-authentication-related-urls-from-ifs-cloud.md)
{% endcontent-ref %}

#### Access Token URL

Get **Access token URL** value from IFS Cloud.

{% content-ref url="/pages/pehKlFbKxppGwLyn2F5y" %}
[Obtaining Authentication related URLs from IFS Cloud](/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/obtaining-authentication-related-urls-from-ifs-cloud.md)
{% endcontent-ref %}

#### IFS IAM Client details (Client Id, Client Secret)

Create IAM client like in example.&#x20;

{% hint style="info" %}
Name IAM client so that it can be identified as being used by Flow. Also adding postfix describing authentication type would be a good idea.

Example name: NC\_Flow\_AuthCode, Novacura\_AuthCode
{% endhint %}

<figure><img src="/files/iGlS8CBl4Qycn96Nauks" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Use same name for same type of IAM client in all customers IFS Cloud instances.
{% endhint %}

#### Scope(s)

Set default value of **openid microprofile-jwt** to OData connectors *Scope(s)*.

#### WIP - Additional query parameters

?

## WIP - Flow Server User Setup

Flow User Id can be different IFS User Id.

Add IFS userid to user specific connector setup.

![](/files/OPrdBSFjK1pYUTjPQU9v)

![](/files/WI32FWTUeIEI1FMYoFBd)

**OPEN ISSUE: is connector level user name Identity or Directory Id from IFS? Depends on if user is authenticated in IFS or external IDP?**&#x20;

## WIP - Effect to Flow development

Flow apps using connector with Runtime authentication type Authorization Code authentication cannot be debugged in Studio.&#x20;

For flow developer this means that prior debugging connector in flow must be changed to connector using Runtime authentication type of Client Credentials or Password Credentials. Alternatively, if flow has a lot of fragments and changing the connectors in all fragments takes a lot of time you can have copy of the flow (+ fragments) using connector using Runtime authentication type of Client Credentials or Password Credentials.

Notice that possible to have connector using Password Credentials requies that IFS User has password defined in IFS and SSO login is disabled.

If flow uses projections that require authentication as actual user in IFS, then debugging can only be done by running tests in NC client.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.novacura.com/flow-ifs-cloud-development-guidelines/flow-development-with-odata/configuration/authentication-models/setup-authorization-code-flow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.