Client Token Configuration

Client Token Configuration in PhixFlow

Client Token Configurations are created in PhixFlow from the Full Repository.

The processes are different depending on if the account is Microsoft Office 365 or Google. When creating a client token configuration, a client ID is required. This is obtained from Entra for Microsoft Office 365 accounts (see Email Account Integration) or from Azure/Google for Google accounts. You may require assistance from your IT Team for this.

Microsoft Office 365

 Show/Hide

  1. Open the  Full Repository and find the Client Token Configuration, then create a new one
    1. In PhixFlow version 11.3+, this can be done from the application's repository
  2. To allow a user to authenticate, choose the User flow
  3. Set the Client ID to the value obtained from Entra
  4. Set the Client Secret to the value obtained from Entra
  5. Set the Base URL to https://login.microsoftonline.com/common/ or https://login.microsoftonline.com/{tenantId}
    1. Typically, the tenantId is your email domain, e.g. mycompany.com
    2. Base URL example: https://login.microsoftonline.com/MyCompany.com/
  6. Set the Scopes to: user.read mail.read mail.send mail.read.shared mail.send.shared openid email offline_access
  7. Leave Identity Claim blank
  8. Enable Supports Inbound Email and Supports Outbound Email, as required

Google

 Show/Hide

  1. Open the  Full Repository and find the Client Token Configuration, then create a new one
    1. In PhixFlow version 11.3+, this can be done from the application's repository
  2. To allow a user to authenticate, choose the User flow
  3. Set the Client ID to the value obtained from Azure/Google
    1. You may require assistance from your IT Team for this
  4. Set the Client Secret to the value obtained from Azure/Google
  5. Set the Auth URL to https://accounts.google.com/o/oauth2/v2/auth?prompt=&access_type=offline
    1. For tokens to auto renew set access_type=offline as a parameter in the URL
    2. Set the Token URL to https://oauth2.googleapis.com/token
    3. Set the Scopes to https://mail.google.com/

Google only sends a refresh token on the first authentication. If a refresh token is not received, the connection from Google must be deleted and authenticated again.