Configuring a Client Credential Flow OAuth Resource
KB002814
A custom OAuth flow is available, upon customer request, that allows you to configure K2 to bypass trust.k2.com. This OAuth token flow gives any service instance an all-access (keys-to-the-kingdom) pass to AAD.
Resource Type Configuration
The Client Credential Flow custom OAuth extension is located at K2\Host Server\Bin\OAuthExtensions\SourceCode.Security.OAuth.Extensions.ClientCredentials.dll
A resource type for this extension is not configured out of the box, so you need to create it for the customer. Use the following information for reference.
- Name: Client Credentials
- Description: leave blank
- Extension: SourceCode.Security.OAuth.Extensions.ClientCredentials
- Usage: Authorization
- RefreshTokenExpiration: 0
- ExpirationWarningDays: 0
- InvalidMessageDelayMinutes: 0
- ExpiringMessage: leave blank
- InvalidMessage: leave blank
Add the resource type parameters:
- resource: true for URL Encode, Token Request
- grant_type: true for Token Request, client_credentials for Token Default Value
- client_id: true for URL Encode, Token Request
- redirect_uri: true for URL Encode, Token Request
- client_secret: true for URL Encode, Token Request
Create a new resource based on the Client Credentials resource type with the following values:
- Resource Type: Client Credentials
- Name: CC - <K2 Cloud Tenant Name>
- Authorization Endpoint: https://login.microsoftonline.com/<AAD Tenant ID>/oauth2/authorize
- Token Endpoint: https://login.microsoftonline.com/<AAD Tenant ID>/oauth2/token
- Refresh Token Endpoint: leave blank
- Metadata Endpoint: leave blank
- UseHostServerAuthorizationEndpoint: false
Add values for the resource parameters.
- resource: https://graph.windows.net/
- grant_type: client_credentials
- client_id: <Client ID of your AAD App>
- redirect_uri: https://<K2 Cloud URL>/Identity
- client_secret: <Client secret of your AAD App>
The last step is to create and/or edit a service instance to use the Client Credentials OAuth resource and test that it's functioning as expected.
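When testing the resource, it helps to see the token request these parameters produce and to review what the returned app-only token grants. The following is an added example, not K2 code: it assumes the parameters are sent as a form-encoded POST body to the token endpoint, and the client ID, secret, K2 URL, role names and sample token are constructed placeholders.

```python
import base64
import json
from urllib.parse import quote

# (name, URL Encode flag, value) as configured on the resource; values are constructed.
PARAMS = [
    ("resource", True, "https://graph.windows.net/"),
    ("grant_type", False, "client_credentials"),
    ("client_id", True, "11111111-2222-3333-4444-555555555555"),
    ("redirect_uri", True, "https://k2.example.invalid/Identity"),
    ("client_secret", True, "constructed+secret/value="),
]

def build_token_body(params):
    """Form-encoded body for the token endpoint POST, honouring each URL Encode flag."""
    return "&".join(f"{n}={quote(v, safe='') if enc else v}" for n, enc, v in params)

def decode_claims(jwt):
    """Decode (without verifying the signature) the payload of an access token."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def review_token(claims, resource, client_id, allowed_roles):
    """Return findings where the token differs from, or is broader than, intent."""
    findings = []
    if claims.get("aud", "").rstrip("/") != resource.rstrip("/"):
        findings.append(f"unexpected audience: {claims.get('aud')}")
    if claims.get("appid") != client_id:
        findings.append(f"unexpected appid: {claims.get('appid')}")
    extra = sorted(set(claims.get("roles", [])) - set(allowed_roles))
    if extra:
        findings.append("roles beyond allow-list: " + ", ".join(extra))
    return findings

def sample_token():
    """Constructed, unsigned stand-in for the access_token in a token response."""
    claims = {"aud": "https://graph.windows.net/",
              "appid": "11111111-2222-3333-4444-555555555555",
              "roles": ["Directory.Read.All", "Directory.ReadWrite.All"]}
    b64 = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64(claims), "constructed"])

if __name__ == "__main__":
    print(build_token_body(PARAMS))
    print(review_token(decode_claims(sample_token()), PARAMS[0][2], PARAMS[2][2],
                       allowed_roles=["Directory.Read.All"]))
```

The roles claim lists the application permissions consented for the AAD app, so comparing it against an allow-list shows how much of the directory the service instance can actually reach.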