Configuring a Client Credential Flow OAuth Resource

  • 16 February 2021

KB002814

PRODUCT
K2 Cloud Update 6
K2 Five 5.2

 

A custom OAuth flow is available, upon customer request, that allows you to configure K2 to bypass trust.k2.com. This OAuth token flow gives any service instance an all-access (keys-to-the-kingdom) pass to AAD.

 

 

This approach should only be considered if the customer understands the implications of this configuration and refuses to allow configuration of K2 and AAD through the standard approach. It should only be used as a last resort and is not meant as a replacement for using the K2 apps and trust.k2.com to integrate with AAD.

 

 

 

Resource Type Configuration

The Client Credential Flow custom OAuth extension is located at K2\Host Server\Bin\OAuthExtensions\SourceCode.Security.OAuth.Extensions.ClientCredentials.dll.

A resource type for this extension is not configured out of the box, so you need to create it for the customer. Use the following information for reference.

  • Name: Client Credentials
  • Description: leave blank
  • Extension: SourceCode.Security.OAuth.Extensions.ClientCredentials
  • Usage: Authorization
  • RefreshTokenExpiration: 0
  • ExpirationWarningDays: 0
  • InvalidMessageDelayMinutes: 0
  • ExpiringMessage: leave blank
  • InvalidMessage: leave blank
 

Add the resource type parameters:

  • resource: true for URL Encode, Token Request
  • grant_type: true for Token Request, client_credentials for Token Default Value
  • client_id: true for URL Encode, Token Request
  • redirect_uri: true for URL Encode, Token Request
  • client_secret: true for URL Encode, Token Request


Create a new resource based on the Client Credentials resource type with the following values.

 

 

Add values for the resource parameters.

  • resource: https://graph.windows.net/
  • grant_type: client_credentials
  • client_id: <Client ID of your AAD App>
  • redirect_uri: https://<K2 Cloud URL>/Identity
  • client_secret: <Client secret of your AAD App>


The last step is to create and/or edit a service instance to use the Client Credentials OAuth resource and test that it's functioning as expected.
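Before testing the service instance, the parameter values can be sanity-checked offline. The Python sketch below is an added example, not K2 code: it checks the resource parameter values listed above and composes the form-encoded body of an OAuth 2.0 client credentials token request from them, honoring the URL Encode flags, with a redacted variant for logs. How K2 itself assembles the request is an assumption, and the sample client ID, host and secret are constructed.

```python
import re
from urllib.parse import quote, urlsplit

# Resource type parameters from the article: name -> (URL Encode flag, Token Default Value)
PARAM_SPEC = {
    "resource": (True, None),
    "grant_type": (False, "client_credentials"),
    "client_id": (True, None),
    "redirect_uri": (True, None),
    "client_secret": (True, None),
}

def check_values(values):
    """Return a list of problems found in the resource parameter values."""
    problems = []
    for name, (_, default) in PARAM_SPEC.items():
        value = values.get(name, default)
        if not value:
            problems.append(f"{name}: missing")
        elif re.search(r"<[^<>]+>", value):  # e.g. "<Client ID of your AAD App>"
            problems.append(f"{name}: placeholder not replaced")
    if values.get("grant_type", "client_credentials") != "client_credentials":
        problems.append("grant_type: must be client_credentials")
    for name in ("resource", "redirect_uri"):
        if values.get(name) and urlsplit(values[name]).scheme != "https":
            problems.append(f"{name}: not an https URL")
    return problems

def build_body(values, redact=False):
    """Compose the form-encoded request body; call check_values first.
    redact=True replaces the secret so the result is safe to log."""
    parts = []
    for name, (url_encode, default) in PARAM_SPEC.items():
        value = values.get(name, default)
        if redact and name == "client_secret":
            value = "***"
        elif url_encode:
            value = quote(value, safe="")  # percent-encode every reserved character
        parts.append(f"{name}={value}")
    return "&".join(parts)

# Constructed sample values (not real credentials or hosts)
SAMPLE = {
    "resource": "https://graph.windows.net/",
    "client_id": "11111111-2222-3333-4444-555555555555",
    "redirect_uri": "https://example.invalid/Identity",
    "client_secret": "s3cr+t/with=chars&more",
}

if __name__ == "__main__":
    print(check_values(SAMPLE) or "values look complete")
    print(build_body(SAMPLE, redact=True))
```

Only the redacted form belongs in tickets or logs, since the unredacted body carries the client secret in recoverable form.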

 

 

