From 847f82ddefb671e76ce06c90447550d48569c2fe Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Mon, 18 May 2026 17:27:20 +0100 Subject: [PATCH 1/6] fix: drop offline_access scope from NinjaOne OAuth, add configValidation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The plugin uses the client_credentials grant type but was asking for `offline_access` in the OAuth scope. That scope is only meaningful for flows that issue refresh tokens (authorization_code), which client_credentials doesn't. NinjaOne's EU OAuth server rejects the unused scope with a 400; CA tolerates it, which is why CA testing passed and an EU customer hit `eu-api.ninjarmm.com/oauth/token … 400`. Changes: - metadata.json: remove `offline_access` from oauth2Scope, bump 1.1.9 -> 1.1.10 - docs/README.md: align scope list and troubleshooting with NinjaOne's actual UI (Monitoring, Management, Control); note that the "Refresh token" grant type is not required - configValidation.json (new): platform runs the `organizations` data stream at config-save time so credential/scope/region problems surface immediately with an actionable error instead of an opaque 4xx during data-stream queries later Co-Authored-By: Claude Opus 4.7 --- plugins/NinjaOne/v1/configValidation.json | 11 +++++++++++ plugins/NinjaOne/v1/docs/README.md | 11 +++++------ plugins/NinjaOne/v1/metadata.json | 4 ++-- 3 files changed, 18 insertions(+), 8 deletions(-) create mode 100644 plugins/NinjaOne/v1/configValidation.json diff --git a/plugins/NinjaOne/v1/configValidation.json b/plugins/NinjaOne/v1/configValidation.json new file mode 100644 index 0000000..1c0b9be --- /dev/null +++ b/plugins/NinjaOne/v1/configValidation.json @@ -0,0 +1,11 @@ +{ + "steps": [ + { + "displayName": "NinjaOne connection", + "dataStream": { "name": "organizations" }, + "success": "Successfully connected to NinjaOne", + "error": "Cannot connect to NinjaOne — verify your Region, Client ID, and Client Secret, and that the API client has Client Credentials as an allowed grant type and the Monitoring, Management, and Control scopes enabled.", + "required": true + } + ] +} diff --git a/plugins/NinjaOne/v1/docs/README.md b/plugins/NinjaOne/v1/docs/README.md index 3d2ab83..1193a23 100644 --- a/plugins/NinjaOne/v1/docs/README.md +++ b/plugins/NinjaOne/v1/docs/README.md @@ -8,12 +8,11 @@ To use this data source, you will need to create OAuth2 API credentials in your 2. Navigate to **Administration** > **API** > **Add Application** 3. Configure the application: - **Application Name**: Enter a descriptive name (e.g., "SquaredUp Integration") - - **Allowed Grant Types**: Ensure "Client Credentials" is enabled + - **Allowed Grant Types**: Ensure "Client Credentials" is enabled. "Refresh token" is not required and can be left disabled. - **Scopes**: Select the following scopes: - - `monitoring` - Required for device monitoring data - - `management` - Required for management operations - - `control` - Required for control operations - - `offline_access` - Required for refresh tokens + - `Monitoring` - Required for device monitoring data + - `Management` - Required for management operations + - `Control` - Required for control operations 4. Click **Create Application** 5. Copy the **Client ID** and **Client Secret** - you will need these when configuring the plugin in SquaredUp @@ -81,7 +80,7 @@ This plugin provides the following data streams for monitoring your NinjaOne env **No Data Returned**: Verify that the selected API Region matches your NinjaOne instance region. -**Insufficient Permissions**: Ensure the API application has all required scopes (`monitoring`, `management`, `control`, `offline_access`). +**Insufficient Permissions**: Ensure the API application has all required scopes (`Monitoring`, `Management`, `Control`). ## Additional Resources diff --git a/plugins/NinjaOne/v1/metadata.json b/plugins/NinjaOne/v1/metadata.json index 835a506..afae82f 100644 --- a/plugins/NinjaOne/v1/metadata.json +++ b/plugins/NinjaOne/v1/metadata.json @@ -1,7 +1,7 @@ { "name": "ninja-one", "displayName": "NinjaOne", - "version": "1.1.9", + "version": "1.1.10", "author": { "name": "SquaredUp Labs", "type": "labs" @@ -23,7 +23,7 @@ "oauth2ClientSecret": "{{clientSecret}}", "oauth2TokenUrl": "{{apiBaseUrl}}/oauth/token", "oauth2ClientSecretLocationDuringAuth": "body", - "oauth2Scope": "monitoring management control offline_access" + "oauth2Scope": "monitoring management control" } }, "links": [ From 196d491d4942f55afdbc95581e4d60963761588b Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Wed, 20 May 2026 14:19:59 +0100 Subject: [PATCH 2/6] docs(NinjaOne): rewrite client app setup to match the actual NinjaOne UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Users reported the previous setup instructions were confusing/incorrect. Rewrites the "Create NinjaOne API Credentials" section to reflect what NinjaOne's "Edit client app" dialog actually shows: - Add the missing Application Platform step (must be "API Services" — this is what makes Client Credentials the active grant type; there is no separate "Client Credentials" checkbox on the client app screen, which is what the old README implied) - Add the missing Redirect URIs field — required by NinjaOne with https://app.squaredup.com/settings/pluginsoauth2 - Clarify that the "Refresh token" checkbox under Allowed grant types is optional - Note that the Client Secret is only shown once on creation and mention the Generate new secret option - Update the "Authentication Failed" troubleshooting line for the same platform-vs-checkbox distinction Co-Authored-By: Claude Opus 4.7 --- plugins/NinjaOne/v1/docs/README.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/plugins/NinjaOne/v1/docs/README.md b/plugins/NinjaOne/v1/docs/README.md index 1193a23..51680f5 100644 --- a/plugins/NinjaOne/v1/docs/README.md +++ b/plugins/NinjaOne/v1/docs/README.md @@ -4,17 +4,18 @@ To use this data source, you will need to create OAuth2 API credentials in your ## Create NinjaOne API Credentials -1. Log in to your NinjaOne portal -2. Navigate to **Administration** > **API** > **Add Application** -3. Configure the application: - - **Application Name**: Enter a descriptive name (e.g., "SquaredUp Integration") - - **Allowed Grant Types**: Ensure "Client Credentials" is enabled. "Refresh token" is not required and can be left disabled. - - **Scopes**: Select the following scopes: - - `Monitoring` - Required for device monitoring data - - `Management` - Required for management operations - - `Control` - Required for control operations -4. Click **Create Application** -5. Copy the **Client ID** and **Client Secret** - you will need these when configuring the plugin in SquaredUp +1. Log in to your NinjaOne portal. +2. Navigate to **Administration** > **Apps** > **API** and click **Add**. +3. When prompted to choose an **Application Platform**, select **API Services**. This is what enables the Client Credentials grant type the plugin uses — **there is no separate "Client Credentials" checkbox to tick on the next screen.** +4. On the **Client app** screen, fill in: + - **Name**: A descriptive name (e.g., "SquaredUp Integration"). + - **Redirect URIs**: `https://app.squaredup.com/settings/pluginsoauth2` + - **Scopes**: Tick all three: + - `Monitoring` — required for device monitoring data + - `Management` — required for management operations + - `Control` — required for control operations + - **Allowed grant types**: `Refresh token` is **not** required by the plugin and can be left unticked. +5. Save the application. NinjaOne will then show the **Client ID** and **Client Secret** — copy both, as you'll need them when configuring the plugin in SquaredUp. (The Client Secret is only shown once on creation; if you lose it, use **Generate new secret** to issue a new one.) ## Configure the Plugin in SquaredUp @@ -76,7 +77,7 @@ This plugin provides the following data streams for monitoring your NinjaOne env ## Troubleshooting -**Authentication Failed**: Ensure your Client ID and Client Secret are correct and that "Client Credentials" is enabled as an allowed grant type in your NinjaOne API application. +**Authentication Failed**: Verify your Client ID and Client Secret are correct. Also check that your NinjaOne client app was created with the **API Services** application platform — this is what makes Client Credentials the active grant type. There is no separate "Client Credentials" checkbox in the client app screen; if you picked a different platform (e.g. Web app), the OAuth token request will fail. **No Data Returned**: Verify that the selected API Region matches your NinjaOne instance region. From facb615baaf59671b7c465942a09c0fb2ea2a53f Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Wed, 20 May 2026 15:34:02 +0100 Subject: [PATCH 3/6] fix configValidation error wording --- plugins/NinjaOne/v1/configValidation.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/NinjaOne/v1/configValidation.json b/plugins/NinjaOne/v1/configValidation.json index 1c0b9be..b523166 100644 --- a/plugins/NinjaOne/v1/configValidation.json +++ b/plugins/NinjaOne/v1/configValidation.json @@ -4,7 +4,7 @@ "displayName": "NinjaOne connection", "dataStream": { "name": "organizations" }, "success": "Successfully connected to NinjaOne", - "error": "Cannot connect to NinjaOne — verify your Region, Client ID, and Client Secret, and that the API client has Client Credentials as an allowed grant type and the Monitoring, Management, and Control scopes enabled.", + "error": "Cannot connect to NinjaOne — verify your Region, Client ID, and Client Secret, and that the client app is generated as 'API Services' and the Monitoring, Management, and Control scopes enabled.", "required": true } ] From 407f154d32ffeb8ff30e8f333b3ee392e684a663 Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Wed, 20 May 2026 16:35:18 +0100 Subject: [PATCH 4/6] update configValidation wording based on review --- plugins/NinjaOne/v1/configValidation.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/NinjaOne/v1/configValidation.json b/plugins/NinjaOne/v1/configValidation.json index b523166..fbec92e 100644 --- a/plugins/NinjaOne/v1/configValidation.json +++ b/plugins/NinjaOne/v1/configValidation.json @@ -4,7 +4,7 @@ "displayName": "NinjaOne connection", "dataStream": { "name": "organizations" }, "success": "Successfully connected to NinjaOne", - "error": "Cannot connect to NinjaOne — verify your Region, Client ID, and Client Secret, and that the client app is generated as 'API Services' and the Monitoring, Management, and Control scopes enabled.", + "error": "Cannot connect to NinjaOne — verify your Region, Client ID, and Client Secret, and ensure the client app is type 'API Services' with Monitoring, Management, and Control scopes enabled.", "required": true } ] From 754267857cfde79477e7dcf0f73ad9f2890a758c Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Wed, 20 May 2026 16:36:47 +0100 Subject: [PATCH 5/6] sentence case client secret --- plugins/NinjaOne/v1/ui.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/NinjaOne/v1/ui.json b/plugins/NinjaOne/v1/ui.json index ac2d4ae..6081bda 100644 --- a/plugins/NinjaOne/v1/ui.json +++ b/plugins/NinjaOne/v1/ui.json @@ -40,11 +40,11 @@ { "type": "password", "name": "clientSecret", - "label": "Client Secret", - "help": "Enter the Client Secret from your NinjaOne API credentials", + "label": "Client secret", + "help": "Enter the Client secret from your NinjaOne API credentials", "validation": { "required": true }, - "placeholder": "Enter your Client Secret" + "placeholder": "Enter your Client secret" } ] From c5c4f1ff222e29e083ac04e75bcf941e95656dee Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Wed, 20 May 2026 16:39:44 +0100 Subject: [PATCH 6/6] fix ui placeholder wording for client creds --- plugins/NinjaOne/v1/ui.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/NinjaOne/v1/ui.json b/plugins/NinjaOne/v1/ui.json index 6081bda..53a63c2 100644 --- a/plugins/NinjaOne/v1/ui.json +++ b/plugins/NinjaOne/v1/ui.json @@ -35,7 +35,7 @@ "validation": { "required": true }, - "placeholder": "Enter your Client ID" + "placeholder": "Enter a Client ID" }, { "type": "password", @@ -45,6 +45,6 @@ "validation": { "required": true }, - "placeholder": "Enter your Client secret" + "placeholder": "Enter a Client secret" } ]