Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
You must have administrator access to your Liferay instance to register OAuth2 applications in the OAuth2 Administration panel.

Create a Headless Server OAuth2 application in Liferay

Register a Headless Server OAuth2 application in Liferay to obtain credentials for server-to-server authentication.

1

Sign in to Liferay

Sign in to your Liferay instance as an administrator.

  • Open the Applications Menu from the top navigation bar.
  • Navigate to Control Panel > Security > OAuth2 Administration.
  • Click the New button in the top-right corner to add a new application.
2

Fill in application details

Complete the application form.

  • Application Name: StackOne
  • Select Client Secret Basic or Post as the Client Authentication Method.
  • Select Headless Server as the Client Profile.
  • Under Allowed Authorization Types, enable Client Credentials.
  • Under Client Credentials User, select a user — this user’s permissions determine what the integration can access.
3

Save and copy the client credentials

Save the application and copy the generated credentials.

  • The Client ID is shown on the application overview page.
  • The Client Secret is displayed only once after the application is saved — copy it immediately and store securely for use later.
4

Configure scopes

Enables actions: Add Users To User Group, Assign Account Role To User, Assign Role To User, Assign User To Account, Create Account, Create Blog Posting, Create Blog Posting Comment, Create Comment Reply, Create Document, Create Document Comment, Create Document Folder, Create Document In Folder, Create Organization, Create Role, Create Structured Content, Create Structured Content Comment, Create Structured Content Folder, Create User Account, Create User Group, Delete Account, Delete Blog Posting, Delete Comment, Delete Document, Delete Document Folder, Delete Organization, Delete Role, Delete Structured Content, Delete Structured Content Folder, Delete User Account, Delete User Group, Get Account, Get Account By External Reference Code, Get Blog Posting, Get Comment, Get Content Structure, Get Document, Get Document Folder, Get My User Account, Get Organization, Get Role, Get Role By External Reference Code, Get Site, Get Site By Friendly URL Path, Get Structured Content, Get Structured Content Folder, Get User Account, Get User Account By Email Address, Get User Group, List Account Roles, List Account User Accounts, List Accounts, List Blog Posting Comments, List Blog Postings, List Child Organizations, List Comment Replies, List Content Structures, List Document Comments, List Document Folder Documents, List Document Folder Subfolders, List Document Folders, List Documents, List My Sites, List Organization User Accounts, List Organizations, List Roles, List Site Taxonomy Vocabularies, List Site User Accounts, List Structured Content Comments, List Structured Content Folder Contents, List Structured Content Folder Subfolders, List Structured Content Folders, List Structured Contents, List Taxonomy Categories, List User Accounts, List User Accounts By Status, List User Group Members, List User Groups, List User Groups For User, Remove User From Account, Remove Users From User Group, Replace Comment, Unassign Role From User, Update Account, Update Blog Posting, Update Document, Update Document Folder, Update Organization, Update Role, Update Structured Content, Update Structured Content Folder, Update User Account, Update User Group

After saving the application, open the Scopes tab and enable the scopes your integration needs access to.

Liferay.Headless.Admin.User.everything is required for the connection test to succeed and must be enabled in addition to any other scopes your integration uses.

Find your Liferay domain

Your Liferay domain identifies your Liferay instance.

  • Check your browser address bar when signed in to Liferay.
  • Format: {subdomain}.lfr.cloud or liferay.{yourcompany}.com
  • Example: if your URL is https://acme.lfr.cloud/web/guest, your Liferay domain is acme.lfr.cloud
  • Do not include https:// or any trailing path.

Linking the Account from the Hub

1

Navigate to the Hub

Use one of the three Linking Account Methods to access the Hub.
2

Fill out the fields

Fill out the following fields using details from your provider:
  • Liferay Domain
  • Client ID
  • Client Secret
3

Connect

  • Click Connect
  • If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider’s authorization flow.
  • Once authorization is successful, you will see a confirmation popup

If the account linking is successful, you will see the newly linked account in your Accounts page.