OAuth 2.0 Client Credentials Grant

Overview

In this type of authorization, the software client will ask the user for their username and password. This username and password are then sent to the authorization server alongside the software's client credentials. If the authentication is successful, the client will then be issued an access token from the server.

Fields

The OAuthClientCredentials authentication type includes the following fields:

Field
Description

Client Id

A unique identifier assigned to the client application by the authorization server.

Client Secret

A confidential string used by the client to authenticate itself to the authorization server.

Access Token URL

The URL where the client exchanges the authorization code for an access token.

Scope

The scope of the integration, that is, the resources the integration will have access to.

Access Token Extraction Key

The key in the JSON object that contains the access_token. By default it is access_token.

Expires In Extraction Key

Which key should contain the expires_in value for the new access token in the JSON object. By default it is expires_in.

Http Operation

What HTTP Operation is used for the authorization request. Can be POST or GET.

Headers

The custom headers in JSON format: {"apiKey": "api_key_value"}

Use Raw Token

Enable this checkbox only when the 'Bearer' prefix must not be added in front of the token. After obtaining the authorization token, we must decide whether to include the 'Bearer' prefix before appending the token to the request for the ingestion part. This checkbox flag controls that decision.

Grant Type

Grant types used in OAuth 2.0. The 'client_credentials' can be replaced according to the authorization flow of the external system.

Use JWT Token

This checkbox needs to be enabled only when we are going to use the JWT flow.

JWT Client Assertion Type

JWT Client Assertion Type is a method for authenticating OAuth 2.0 clients using JSON Web Tokens.

JWT Private Key

JWT Private Key is a cryptographic key used to sign JSON Web Tokens for authentication and authorization purposes.

JWT Headers

The user can add JWT Header fields in JSON format.

JWT Payload

The user can add JWT Payload/Claims fields in JSON format.

Not all of the mentioned fields in the provided authorization flow are required. The necessary combination of fields may vary based on the specific requirements of the external system.

OAuth Client Credentials Support Additional Key/Value Pairs

The OAuth configuration accepts a JSON map, where you can give arbitrary values that need to be passed as body parameters, for example: x-www-form-urlencoded.

The Aisera Gen AI platform already passes body parameters for client_id, client_secret, grant_type and optionally for scope. You can also add arbitrary key-value pairs.

If you put the pair client_id and test as Body Parameters, the test value will overwrite the configuration of the client_id field. The same applies to the client secret and scope.
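The override rule above, together with the Access Token Extraction Key, Expires In Extraction Key and Use Raw Token fields, is sketched below as an added example. It is not Aisera's code; the function names, the dictionary layout and the sample values are assumptions made for illustration. It reports which configured fields an extra body parameter replaces, so an unintended credential override is visible at review time.

```python
import json
from urllib.parse import urlencode

def build_token_body(cfg, extra=None):
    """Return (form_body, overridden_fields) for the token request."""
    params = {
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        "grant_type": cfg.get("grant_type", "client_credentials"),
    }
    if cfg.get("scope"):  # scope is optional
        params["scope"] = cfg["scope"]
    extra = extra or {}
    # Extra pairs win over configured fields. Report collisions by name only,
    # so a review or audit log shows the override without exposing secrets.
    # (Treating grant_type the same way is an assumption of this sketch.)
    overridden = sorted(k for k in extra if k in params and extra[k] != params[k])
    params.update(extra)
    return urlencode(params), overridden

def extract_token(response_text, token_key="access_token", expires_key="expires_in"):
    """Pull the token and lifetime out of the JSON response using the extraction keys."""
    data = json.loads(response_text)
    if token_key not in data:
        # List key names only; never echo response values into an error or log.
        raise KeyError(f"{token_key!r} missing; response keys: {sorted(data)}")
    return data[token_key], data.get(expires_key)

def authorization_value(token, use_raw_token=False):
    """Use Raw Token enabled -> send the token as-is; otherwise prefix 'Bearer'."""
    return token if use_raw_token else f"Bearer {token}"

if __name__ == "__main__":
    # Constructed sample values, not real credentials or endpoints.
    cfg = {"client_id": "configured-id", "client_secret": "configured-secret", "scope": "read"}
    body, overridden = build_token_body(cfg, {"client_id": "test", "audience": "example"})
    print("overridden fields:", overridden)
    token, ttl = extract_token('{"token": "abc123", "ttl": 3600}', "token", "ttl")
    print(authorization_value(token), ttl)
```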

How it Works

This is an industry standard authorization flow. The Client Credentials grant type is a method utilized by client applications or services to acquire an access token without involving a specific user. Instead of authenticating on behalf of a user, the client itself presents its own credentials to the authorization server and receives an access token, allowing it to access protected resources on the server's behalf. Connectors that use this authorization flow are Nexthink and Marketo. The Aisera platform also supports the use of JWT in place of OAuth 2.0 credentials in the same configuration.

Configuring the external platform

When configuring the external system for OAuth 2.0 integration with the Aisera platform, the following redirect URLs may need to be whitelisted.

Service Account Authorization

For service account authorization for use with the data sources and workflows, whitelist:

https://<cluster_id>.login.aisera.<top_level_domain>/?id=aisera.oauth.oauthCommand

Contact your Aisera support team for the Cluster Id.

User Authorization

For user authorization for use with workflows, whitelist:

https://<vanity_url>.chatbot.aisera.<top_level_domain>/oauth2/authorize
