OAuth app authorization with QRadar

QRadar® apps use the OAuth authorization protocol to obtain access to QRadar resources.

Configure OAuth parameters in the authentication section of the manifest file. The only mandatory entry is "requested_capabilities". When users install the app by using the Extensions Management tool in QRadar, they select a user that has the user capability that is defined in "requested_capabilities". When this authorization is configured, the app can access QRadar resources.

The following example shows the authentication section in the manifest file.
"authentication": {
    "oauth2": {
        "authorisation_flow": "CLIENT_CREDENTIALS",
        "requested_capabilities": ["ADMIN"]
    }
}

The "authorisation_flow" entry is optional. The only accepted value is "CLIENT_CREDENTIALS".

If "authorisation_flow" is set to a value other than "CLIENT_CREDENTIALS", the installation fails and returns the following message:

"OAuth flow type X is not currently supported".

The "requested_capabilities" list must contain at least one entry. It lists the capabilities or permissions that the app needs to function in QRadar. The app installation fails if a capability that is configured in "requested_capabilities" is not listed in QRadar.
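
A pre-install check for the rules above, as an added example that is not IBM's code or part of the original page: it inspects a parsed manifest's authentication section before the app is packaged. The function name, the known_capabilities and broad parameters, the finding strings and both sample manifests are assumptions made for illustration; the undocumented-key and ADMIN warnings are review aids, not QRadar installer behaviour.

```python
ACCEPTED_FLOW = "CLIENT_CREDENTIALS"   # only value the page lists as accepted
DOCUMENTED_KEYS = {"authorisation_flow", "requested_capabilities"}


def check_oauth_section(manifest, known_capabilities=None, broad=("ADMIN",)):
    """Return findings for manifest["authentication"]["oauth2"].

    known_capabilities: capability names listed in the target QRadar
    deployment, supplied by the caller (assumption); None skips that check.
    broad: capabilities to flag for least-privilege review (assumption).
    """
    auth = manifest.get("authentication")
    oauth = auth.get("oauth2") if isinstance(auth, dict) else None
    if not isinstance(oauth, dict):
        return ["error: no authentication.oauth2 section"]
    findings = []
    # Misspelled keys (e.g. the US spelling "authorization_flow") are easy to miss.
    for key in sorted(set(oauth) - DOCUMENTED_KEYS):
        findings.append("warn: key %r is not one of the documented entries" % key)
    # Optional entry, but when present it must be the single accepted value.
    flow = oauth.get("authorisation_flow", ACCEPTED_FLOW)
    if flow != ACCEPTED_FLOW:
        findings.append("error: OAuth flow type %s is not currently supported" % flow)
    # Mandatory entry: a list with at least one capability name.
    caps = oauth.get("requested_capabilities")
    if not isinstance(caps, list) or not caps:
        findings.append("error: requested_capabilities needs at least one entry")
        return findings
    for cap in caps:
        if not isinstance(cap, str):
            findings.append("error: capability %r is not a string" % (cap,))
        elif known_capabilities is not None and cap not in known_capabilities:
            findings.append("error: capability %r is not listed in QRadar" % cap)
        elif cap in broad:
            findings.append("warn: %r is broad; confirm the app needs it" % cap)
    return findings


# Constructed sample manifests, not taken from a real app.
GOOD = {"authentication": {"oauth2": {
    "authorisation_flow": "CLIENT_CREDENTIALS", "requested_capabilities": ["ADMIN"]}}}
BAD = {"authentication": {"oauth2": {
    "authorisation_flow": "OTHER_FLOW", "authorization_flow": "CLIENT_CREDENTIALS",
    "requested_capabilities": []}}}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_oauth_section(doc))
```

Pass known_capabilities only when you have the capability list from the deployment the app will be installed on; without it the "not listed in QRadar" check is skipped.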