# OAuth 2.0 Client Credentials Grant

## Overview

[OAuth 2.0 Client Credentials Grant](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/) is an industry-standard authorization flow. In this authorization type the client application acquires access tokens without involving a specific user. Instead of authenticating on behalf of a user, the client presents its own credentials to the authorization server and receives an access token. This allows it to access protected resources on its own behalf, as a service identity rather than as a user.

<div align="left"><figure><img src="/files/oEcdSeWIqwblylmkSh5r" alt="" width="537"><figcaption></figcaption></figure></div>

## Fields

The **OAuthClientCredentials** authentication type includes the following fields:

<table><thead><tr><th width="207.20001220703125">Field</th><th>Description</th></tr></thead><tbody>
<tr><td>Client Id</td><td>A unique identifier assigned to the client application by the authorization server.</td></tr>
<tr><td>Client Secret</td><td>A confidential string used by the client to authenticate itself to the authorization server.</td></tr>
<tr><td>Access Token URL</td><td>The URL where the client exchanges the authorization code for an access token.</td></tr>
<tr><td>Scope</td><td>The scope or permissions requested in the authentication request, as a space-separated list.</td></tr>
<tr><td>Access Token Extraction Key</td><td>The key that contains the <code>access_token</code> in the returned JSON object. Defaults to <code>access_token</code>.</td></tr>
<tr><td>Expires In<br>Extraction Key</td><td>The key that contains the <code>expires_in</code> value for the access token in the returned JSON object. Defaults to <code>expires_in</code>.</td></tr>
<tr><td>Http Operation</td><td>The HTTP operation used for the authorization request. Can be <code>POST</code> or <code>GET</code>.</td></tr>
<tr><td>Headers</td><td>Custom headers in JSON format, for example <code>{"apiKey": "api_key_value"}</code>.</td></tr>
<tr><td>Use Raw Token</td><td>Enabling this removes the <code>Bearer</code> prefix from the Authorization header.</td></tr>
<tr><td>Grant Type</td><td>The OAuth 2.0 grant type. The default <code>client_credentials</code> can be replaced according to the authorization flow of the external system.</td></tr>
<tr><td>Use JWT Token</td><td>Enable this checkbox only when the JWT flow is used.</td></tr>
<tr><td>JWT Client Assertion Type</td><td>The client assertion type, a method for authenticating OAuth 2.0 clients using JSON Web Tokens.</td></tr>
<tr><td>JWT Private Key</td><td>The cryptographic key used to sign the JSON Web Tokens for authentication and authorization.</td></tr>
<tr><td>JWT Headers</td><td>JWT header fields, in JSON format.</td></tr>
<tr><td>JWT Payload</td><td>JWT payload (claims) fields, in JSON format.</td></tr>
<tr><td>Server SSL Certificate</td><td>A server SSL certificate to trust.</td></tr>
<tr><td>Trust any SSL Server Certificate</td><td>Trust any server, even when the integration is unable to verify the identity of the server it is requesting from.</td></tr>
<tr><td>Client Certificate in PEM Format</td><td>Used for verifying the client in mTLS; this is the certificate for the client.</td></tr>
<tr><td>Client Private Key in PEM Format</td><td>Used for verifying the client in mTLS; this is the private key for the client.</td></tr>
<tr><td>Client Private Key Passphrase</td><td>Used for verifying the client in mTLS; an optional passphrase for the client private key.</td></tr>
</tbody></table>

{% hint style="info" %}
Not all of the mentioned fields in the provided authorization flow are required. The necessary combination of fields may vary based on the specific requirements of the external system.
{% endhint %}

<div align="left"><figure><img src="/files/jhc64ILjAWO5McNqgkxQ" alt="" width="447"><figcaption></figcaption></figure></div>

### OAuth Client Credentials Support Additional Key/Value Pairs

The OAuth configuration accepts a JSON map in which you can give arbitrary key/value pairs that are passed as additional body parameters of the token request (encoded as `x-www-form-urlencoded`).

The Aisera Gen AI platform already passes body parameters for `client_id`, `client_secret`, `grant_type` and optionally for `scope`. You can also add arbitrary key-value pairs.

{% hint style="info" %}
If you add a body parameter with the key `client_id` and the value `test`, the `test` value overwrites the value configured in the **Client Id** field. The same applies to the client secret and the scope.
{% endhint %}
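The following is an added example, not Aisera platform code, that shows how the fields above map onto a Client Credentials token request: the dedicated fields and the additional key/value map are merged into the form body (with the map winning on a key clash, as the note above describes), the request is built for either HTTP operation, the token and its lifetime are read back using the configurable extraction keys, and the Authorization header is produced with or without the `Bearer` prefix. The token endpoint, client values and the JSON reply are constructed placeholders; no network call is made.

```python
"""Client Credentials token request built from the configuration fields.

Added example, not Aisera platform code. Parameter names follow the page's
fields (Client Id, Client Secret, Scope, Grant Type, Http Operation, Headers,
Access Token Extraction Key, Expires In Extraction Key, Use Raw Token); the
endpoint, credentials and token reply below are constructed placeholders.
"""
import json
import time
from urllib.parse import urlencode
from urllib.request import Request


def build_token_body(client_id, client_secret, grant_type="client_credentials",
                     scope=None, extra_body=None):
    """Assemble the form body. extra_body is the additional key/value map; it is
    merged last, so a key such as client_id in it overwrites the dedicated field."""
    body = {"client_id": client_id, "client_secret": client_secret, "grant_type": grant_type}
    if scope:
        # The Scope field is a space-separated list; accept a list or a ready string.
        body["scope"] = scope if isinstance(scope, str) else " ".join(scope)
    if extra_body:
        body.update(extra_body)
    return body


def build_token_request(access_token_url, body, http_operation="POST", headers=None):
    """POST sends the x-www-form-urlencoded body; GET carries it in the query string."""
    headers = dict(headers or {})
    encoded = urlencode(body)
    op = http_operation.upper()
    if op == "POST":
        headers.setdefault("Content-Type", "application/x-www-form-urlencoded")
        return Request(access_token_url, data=encoded.encode(), headers=headers, method="POST")
    if op == "GET":
        sep = "&" if "?" in access_token_url else "?"
        return Request(access_token_url + sep + encoded, headers=headers, method="GET")
    raise ValueError("Http Operation must be POST or GET")


def extract_token(response_text, access_token_key="access_token",
                  expires_in_key="expires_in", now=None):
    """Read the token and its lifetime from the JSON reply using the extraction keys.
    A missing token key is an error; a missing expires_in leaves the expiry unknown."""
    data = json.loads(response_text)
    if access_token_key not in data:
        raise KeyError(f"token response has no {access_token_key!r} key")
    now = time.time() if now is None else now
    expires_in = int(data.get(expires_in_key, 0))
    return {"token": data[access_token_key],
            "expires_at": now + expires_in if expires_in else None}


def token_is_fresh(cached, now=None, skew=30):
    """Reuse a cached token only while it has more than `skew` seconds left;
    a token with unknown lifetime is always re-requested."""
    if cached.get("expires_at") is None:
        return False
    now = time.time() if now is None else now
    return now + skew < cached["expires_at"]


def authorization_header(token, use_raw_token=False):
    """Use Raw Token drops the Bearer prefix from the Authorization header."""
    return {"Authorization": token if use_raw_token else f"Bearer {token}"}


# Constructed token reply from a server that uses non-default key names.
SAMPLE_RESPONSE = json.dumps({"token": "constructed-access-token", "ttl": 3600,
                              "token_type": "Bearer"})

if __name__ == "__main__":
    body = build_token_body("my-client", "my-secret", scope=["read", "write"],
                            extra_body={"audience": "https://api.example"})
    req = build_token_request("https://auth.example/token", body, "POST",
                              headers={"apiKey": "api_key_value"})
    cached = extract_token(SAMPLE_RESPONSE, "token", "ttl")
    print(req.full_url, req.data, authorization_header(cached["token"]))
```

The `Access Token Extraction Key` and `Expires In Extraction Key` fields exist precisely for servers like the constructed reply above, which return `token` and `ttl` instead of the standard names; the refresh-ahead skew in `token_is_fresh` avoids sending a request with a token that expires in flight.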

### JWT Authentication

The Aisera Platform supports the use of JWT credentials in the same flow and configuration. When the **Use JWT Token** checkbox is enabled, the Aisera Platform uses the JWT-related fields (client assertion type, private key, headers and payload) to authenticate with the third-party application.
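As an added example (not Aisera platform code), the block below shows what the JWT flow produces from the **JWT Headers**, **JWT Payload** and **JWT Client Assertion Type** fields: a compact, signed JWT that is sent to the token endpoint as `client_assertion`, alongside `client_assertion_type`. The assertion type value `urn:ietf:params:oauth:client-assertion-type:jwt-bearer` is the one defined in RFC 7523 and is not taken from this page. Because the Python standard library has no RSA signer, the signer here is HMAC-SHA256 (the `client_secret_jwt` style, keyed with a constructed secret); with an RSA **JWT Private Key** the same structure is signed with RS256 through a library such as `cryptography`. The verifier included at the end shows the checks the authorization server performs (signature, audience, expiry), which is why the `aud` and `exp` claims matter. Issuer, audience and key values are constructed placeholders.

```python
"""JWT client assertion for the Use JWT Token flow.

Added example, not Aisera platform code. JWT_BEARER_ASSERTION_TYPE is the
RFC 7523 value; the key, issuer and audience are constructed placeholders.
Signing uses HS256 via a pluggable signer because the standard library has
no RSA; an RSA JWT Private Key would plug in an RS256 signer in its place.
"""
import base64
import hashlib
import hmac
import json
import time
import uuid

JWT_BEARER_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_signer(key: bytes):
    """Signer callback: bytes to sign -> raw signature (HS256 for this example)."""
    def sign(signing_input: bytes) -> bytes:
        return hmac.new(key, signing_input, hashlib.sha256).digest()
    return sign


def build_client_assertion(jwt_headers, jwt_payload, signer, now=None, lifetime=300):
    """Compose the JWT Headers and JWT Payload fields into a compact JWS.
    iat/exp/jti are filled in when the payload omits them; iss, sub and aud
    are required because the server uses them to identify the client and
    reject assertions replayed against another endpoint."""
    now = int(time.time()) if now is None else int(now)
    header = {"typ": "JWT", **jwt_headers}
    if "alg" not in header:
        raise ValueError("JWT Headers must contain 'alg'")
    claims = {"iat": now, "exp": now + lifetime, "jti": str(uuid.uuid4()), **jwt_payload}
    for required in ("iss", "sub", "aud"):
        if required not in claims:
            raise ValueError(f"JWT Payload must contain {required!r}")
    compact = json.dumps(header, separators=(",", ":")).encode()
    signing_input = b64url(compact) + "." + b64url(
        json.dumps(claims, separators=(",", ":")).encode())
    return signing_input + "." + b64url(signer(signing_input.encode("ascii")))


def build_jwt_token_body(assertion, grant_type="client_credentials", scope=None):
    """Form body for the token request when Use JWT Token is enabled."""
    body = {"grant_type": grant_type,
            "client_assertion_type": JWT_BEARER_ASSERTION_TYPE,
            "client_assertion": assertion}
    if scope:
        body["scope"] = scope
    return body


def verify_hs256_assertion(assertion, key: bytes, expected_aud, now=None):
    """Server-side view: constant-time signature check, then alg, aud and exp."""
    parts = assertion.split(".")
    if len(parts) != 3:
        return False
    head, payload, sig = parts
    expected = hmac.new(key, f"{head}.{payload}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return False
    header = json.loads(b64url_decode(head))
    claims = json.loads(b64url_decode(payload))
    now = int(time.time()) if now is None else int(now)
    return (header.get("alg") == "HS256"
            and claims.get("aud") == expected_aud
            and int(claims.get("exp", 0)) > now)


if __name__ == "__main__":
    demo_key = b"constructed-demo-secret"  # placeholder, not a real credential
    assertion = build_client_assertion(
        {"alg": "HS256"},
        {"iss": "my-client", "sub": "my-client", "aud": "https://auth.example/token"},
        hs256_signer(demo_key))
    print(build_jwt_token_body(assertion))
    print(verify_hs256_assertion(assertion, demo_key, "https://auth.example/token"))
```

Note that the short `exp` and the per-assertion `jti` keep a captured assertion from being reusable for long, and binding `aud` to the token endpoint keeps it from being accepted elsewhere; both are worth setting in the **JWT Payload** field rather than relying on the server's defaults.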

### mTLS Support

This form of authentication supports the use of Mutual Transport Layer Security (mTLS). mTLS is an authentication protocol in which the client and the server verify each other's identity. It is an extension of Transport Layer Security (TLS), in which only the identity of the server is verified, through a Certificate Authority.
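The added example below (not Aisera platform code) builds the TLS context that the **Server SSL Certificate**, **Trust any SSL Server Certificate**, **Client Certificate in PEM Format**, **Client Private Key in PEM Format** and **Client Private Key Passphrase** fields describe, using Python's standard `ssl` module. It puts the weak setting beside the intended one: with `trust_any_server=True` server identity checking is switched off, so anyone able to sit between the integration and the token endpoint can impersonate it and receive the client credentials; the default keeps verification on, against the system CA store or the single provided server certificate. All file paths are placeholders.

```python
"""TLS context for the mTLS and server-certificate fields.

Added example, not Aisera platform code. File paths are placeholders; the
context is what an HTTPS client such as urllib or http.client is handed.
"""
import ssl


def make_tls_context(server_ca_pem=None, trust_any_server=False,
                     client_cert_pem=None, client_key_pem=None,
                     client_key_passphrase=None):
    """Build an SSLContext from the configuration fields.

    server_ca_pem      -> Server SSL Certificate (a PEM file to trust; None uses
                          the system CA store)
    trust_any_server   -> Trust any SSL Server Certificate
    client_cert_pem    -> Client Certificate in PEM Format
    client_key_pem     -> Client Private Key in PEM Format
    client_key_passphrase -> Client Private Key Passphrase
    """
    # Intended setting: verify the server's certificate chain and hostname.
    ctx = ssl.create_default_context(cafile=server_ca_pem)

    if trust_any_server:
        # Weak setting: no server identity check at all. Any party on the path
        # can present its own certificate, terminate the connection and read the
        # client_id/client_secret sent in the token request. Use only while
        # debugging against a test endpoint; prefer supplying the server's
        # certificate as server_ca_pem instead.
        ctx.check_hostname = False  # must be cleared before verify_mode is changed
        ctx.verify_mode = ssl.CERT_NONE

    if client_cert_pem or client_key_pem:
        # mTLS: the client proves its own identity with a certificate and key.
        if not (client_cert_pem and client_key_pem):
            raise ValueError("mTLS needs both the client certificate and its private key")
        ctx.load_cert_chain(certfile=client_cert_pem, keyfile=client_key_pem,
                            password=client_key_passphrase)
    return ctx


def describe(ctx):
    """Summarise what the context will and will not verify (for checks/logging)."""
    return {"verifies_server": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname,
            "min_tls": ctx.minimum_version.name}


if __name__ == "__main__":
    print(describe(make_tls_context()))
    print(describe(make_tls_context(trust_any_server=True)))
```

A quick way to catch the weak setting in review or in a config lint is to call `describe()` on the context the integration ends up with and flag any result where `verifies_server` is false.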

## Configuring the external platform

When configuring the external system for OAuth 2.0 integration with the Aisera platform, the following redirect URLs may need to be whitelisted.

### Service Account Authorization

For service account authorization used with data sources and workflows, whitelist:

`https://<cluster_id>.login.aisera.<top_level_domain>/?id=aisera.oauth.oauthCommand`

Contact your Aisera support team for the Cluster Id.

### User Authorization

For user authorization used with workflows, whitelist:

`https://<vanity_url>.chatbot.aisera.<top_level_domain>/oauth2/authorize`
