OAuth 2.0 Client Credentials Grant
Authenticate using the OAuth 2.0 Client Credentials Grant
Overview
OAuth 2.0 Client Credentials Grant is an industry-standard authorization flow. In this grant type the client application acquires an access token without involving a specific user. Instead of authenticating on behalf of a user, the client presents its own credentials to the authorization server and receives an access token, which it then uses to access protected resources on its own behalf.

Fields
The OAuthClientCredentials authentication type includes the following fields:
Client Id
A unique identifier assigned to the client application by the authorization server.
Client Secret
A confidential string used by the client to authenticate itself to the authorization server.
Access Token URL
The token endpoint URL to which the client submits its credentials and from which it receives the access token. The client credentials grant has no authorization code step; the client posts its credentials directly to this URL.
Scope
The scope, i.e. the permissions being requested in the token request, given as a space-separated list.
Access Token Extraction Key
This defines which key will contain the access_token in the returned JSON object. Defaults to access_token.
Expires In Extraction Key
This defines which key will contain the expires_in value for the access token in the returned JSON object. Defaults to expires_in.
Http Operation
The HTTP method used for the token request. Can be POST or GET. POST is what RFC 6749 requires for the token endpoint; with GET the client credentials travel in the query string, where proxies and server logs may record them, so use GET only when the external system insists on it.
Headers
The custom headers in JSON format: {"apiKey": "api_key_value"}
Use Raw Token
When enabled, the token is sent in the Authorization header as-is, without the Bearer prefix.
Grant Type
The grant_type value sent in the token request. The default, client_credentials, can be replaced with the grant type expected by the authorization flow of the external system.
Use JWT Token
Enable this checkbox only when the client authenticates with a signed JWT instead of the client secret.
JWT Client Assertion Type
The client_assertion_type value sent with the JWT, identifying how the client authenticates to the authorization server. For JWT bearer assertions (RFC 7523) this is typically urn:ietf:params:oauth:client-assertion-type:jwt-bearer; use the value the external system documents.
JWT Private Key
The private key used to sign the JWT that authenticates and authorizes the client. Treat it as a secret: anyone holding it can mint assertions for this client.
JWT Headers
Additional JWT header fields (for example a key identifier), as a JSON object.
JWT Payload
The JWT payload (claims), as a JSON object.
Server SSL Certificate
The server's SSL certificate to trust, for servers whose certificate cannot be verified against the default trust store.
Trust any SSL Server Certificate
Trust any server certificate when the integration is unable to verify the identity of the server it is requesting from. This disables server certificate validation entirely and leaves the connection open to man-in-the-middle interception, so prefer providing the server certificate above.
Client Certificate in PEM Format
Used to identify the client in mTLS; this is the client's certificate.
Client Private Key in PEM Format
Used to identify the client in mTLS; this is the private key matching the client certificate.
Client Private Key Passphrase
Used to identify the client in mTLS; an optional passphrase, required only if the client private key is encrypted.
Not all of the fields listed above are required. The combination of fields needed depends on the authorization flow of the external system.

OAuth Client Credentials Support Additional Key/Value Pairs
The OAuth configuration accepts a JSON map of arbitrary key/value pairs that are passed as additional body parameters (x-www-form-urlencoded) in the token request.
The Aisera Gen AI platform already passes body parameters for client_id, client_secret, grant_type and, optionally, scope. You can add arbitrary key/value pairs alongside them.
If you add the pair client_id / test as a body parameter, the value test overwrites the Client Id field. The same applies to client_secret and scope.
JWT Authentication
The Aisera Platform supports the use of JWT credentials in the same flow and configuration. When the Use JWT Token checkbox is enabled, the Aisera Platform uses the JWT-related fields to authenticate with the third-party application.
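The token request the fields above describe, as an added example in Go with only the standard library (it is not the platform's code). It assembles the form body from the configured fields, applies the additional key/value pairs last so that a duplicate key such as client_id overrides the field value as described above, replaces the client secret with an RS256-signed JWT client assertion when Use JWT Token is set, and reads the response through the Access Token and Expires In extraction keys and the Use Raw Token setting. Sending the JWT as the RFC 7523 parameters client_assertion_type and client_assertion (with client_id still included) is this example's assumption about how the JWT fields are used; custom JWT headers and an encrypted private key are not modelled, and the type and function names are the example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
)

// TokenConfig mirrors the OAuthClientCredentials fields described above (Go names are this example's own).
type TokenConfig struct {
	ClientID, ClientSecret, Scope, GrantType string
	ExtraBody                                map[string]string // Additional Key/Value Pairs
	AccessTokenKey, ExpiresInKey             string            // extraction keys, "" = default
	UseRawToken                              bool              // drop the "Bearer " prefix
	UseJWT                                   bool              // Use JWT Token
	AssertionType                            string            // JWT Client Assertion Type
	PrivateKey                               *rsa.PrivateKey   // JWT Private Key (RSA, unencrypted)
	JWTClaims                                map[string]interface{} // JWT Payload
}

// SignJWT builds a compact RS256 JWT over the claims with a fixed {"alg":"RS256","typ":"JWT"} header.
func SignJWT(key *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	hj, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	cj, _ := json.Marshal(claims) // maps of JSON-compatible values always marshal
	input := base64.RawURLEncoding.EncodeToString(hj) + "." + base64.RawURLEncoding.EncodeToString(cj)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// BuildTokenBody assembles the x-www-form-urlencoded token request. With UseJWT the client_secret is
// replaced by a signed client assertion (RFC 7523); that substitution is this example's assumption.
func BuildTokenBody(c TokenConfig) (url.Values, error) {
	v := url.Values{}
	v.Set("grant_type", c.GrantType)
	v.Set("client_id", c.ClientID)
	if c.UseJWT {
		assertion, err := SignJWT(c.PrivateKey, c.JWTClaims)
		if err != nil {
			return nil, err
		}
		v.Set("client_assertion_type", c.AssertionType)
		v.Set("client_assertion", assertion)
	} else {
		v.Set("client_secret", c.ClientSecret)
	}
	if c.Scope != "" {
		v.Set("scope", c.Scope)
	}
	// Extra pairs go last, so a duplicate key such as client_id overrides the configured field value.
	for k, val := range c.ExtraBody {
		v.Set(k, val)
	}
	return v, nil
}

// ParseTokenResponse applies the extraction keys (default access_token / expires_in) to the JSON
// token response and returns the Authorization header value plus the lifetime in seconds.
func ParseTokenResponse(c TokenConfig, body []byte) (string, int, error) {
	tokKey, expKey := c.AccessTokenKey, c.ExpiresInKey
	if tokKey == "" {
		tokKey = "access_token"
	}
	if expKey == "" {
		expKey = "expires_in"
	}
	var resp map[string]interface{}
	if err := json.Unmarshal(body, &resp); err != nil {
		return "", 0, err
	}
	tok, ok := resp[tokKey].(string)
	if !ok || tok == "" {
		return "", 0, fmt.Errorf("token response has no string field %q", tokKey)
	}
	secs, ok := resp[expKey].(float64) // JSON numbers decode as float64
	if !ok {
		return "", 0, fmt.Errorf("token response has no numeric field %q", expKey)
	}
	if c.UseRawToken {
		return tok, int(secs), nil
	}
	return "Bearer " + tok, int(secs), nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	body, err := BuildTokenBody(TokenConfig{ClientID: "my-client", GrantType: "client_credentials", UseJWT: true, PrivateKey: key,
		AssertionType: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", JWTClaims: map[string]interface{}{"iss": "my-client"}})
	if err != nil {
		panic(err)
	}
	fmt.Println(body.Encode()) // POST this, with the custom Headers, to the Access Token URL
}
```

Because the extra pairs are written last, a misplaced client_id or client_secret in the additional key/value map silently replaces the configured credential; checking the encoded body against the configuration is a cheap way to catch that before the request leaves.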
mTLS Support
This form of authentication supports Mutual Transport Layer Security (mTLS), in which the client and the server each verify the other's identity. It extends Transport Layer Security (TLS), where only the identity of the server is verified through a certificate issued by a Certificate Authority, by having the client present its own certificate as well.
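How the Server SSL Certificate, Trust any SSL Server Certificate and client certificate/key fields translate into a TLS client, as an added Go example using only the standard library (not the platform's code): the provided server certificate becomes the sole trust anchor, the trust-any option maps to disabling server verification, and the client certificate and key are loaded as the mTLS identity, with a mismatched pair rejected at configuration time. SelfSignedPEM produces constructed test material only; the passphrase field is not modelled (the key is assumed unencrypted), and the names are the example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// TLSSettings mirrors the SSL and mTLS fields of the form (Go names are this example's own).
type TLSSettings struct {
	ServerCertPEM  []byte // Server SSL Certificate to trust; empty = system trust store
	TrustAnyServer bool   // Trust any SSL Server Certificate
	ClientCertPEM  []byte // Client Certificate in PEM Format
	ClientKeyPEM   []byte // Client Private Key in PEM Format (assumed unencrypted)
}

// NewTLSConfig turns the settings into the tls.Config used for the token and API calls.
func NewTLSConfig(s TLSSettings) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	switch {
	case s.TrustAnyServer:
		// Server identity is not checked at all: any certificate, including one presented
		// by an interception proxy, is accepted. Acceptable only for isolated testing.
		cfg.InsecureSkipVerify = true
	case len(s.ServerCertPEM) > 0:
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(s.ServerCertPEM) {
			return nil, errors.New("server certificate: no PEM CERTIFICATE block found")
		}
		cfg.RootCAs = pool // the supplied certificate is the only trust anchor
	}
	if len(s.ClientCertPEM) > 0 || len(s.ClientKeyPEM) > 0 {
		cert, err := tls.X509KeyPair(s.ClientCertPEM, s.ClientKeyPEM) // rejects a key that does not match the cert
		if err != nil {
			return nil, fmt.Errorf("client certificate/key: %w", err)
		}
		cfg.Certificates = []tls.Certificate{cert}
	}
	return cfg, nil
}

// NewHTTPClient wraps the TLS settings in an http.Client with a request timeout.
func NewHTTPClient(s TLSSettings) (*http.Client, error) {
	cfg, err := NewTLSConfig(s)
	if err != nil {
		return nil, err
	}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// SelfSignedPEM generates a throwaway self-signed certificate and RSA key: constructed test
// material only; a real integration uses certificates issued by the external system's CA.
func SelfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return certPEM, keyPEM, nil
}

func main() {
	cert, key, err := SelfSignedPEM("aisera-integration-client")
	if err != nil {
		panic(err)
	}
	if _, err := NewHTTPClient(TLSSettings{ClientCertPEM: cert, ClientKeyPEM: key}); err != nil {
		panic(err)
	}
	fmt.Println("mTLS client ready; server trust falls back to the system trust store")
}
```

The switch order matters: when both Trust any SSL Server Certificate and a server certificate are set, the trust-any option wins and the pinned certificate is never consulted, which is exactly why the option should stay off outside of isolated testing.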
Configuring the external platform
When configuring the external system for OAuth 2.0 integration with the Aisera platform, the following redirect URLs may need to be whitelisted.
Service Account Authorization
For service account authorization, used with data sources and workflows, whitelist:
https://<cluster_id>.login.aisera.<top_level_domain>/?id=aisera.oauth.oauthCommand
Contact your Aisera support team for the Cluster Id.
User Authorization
For user authorization, used with workflows, whitelist:
https://<vanity_url>.chatbot.aisera.<top_level_domain>/oauth2/authorize