OAuth Client Authentication with Escape¶
Description¶
The 'OAuth Client Credentials' preset is tailored for authentication using the OAuth 2.0 client credentials grant, ideal for service accounts:
- OAuth Token Endpoint: Directs authentication requests to the token endpoint of an OpenID Connect server.
- Service Account Credentials: Utilizes client IDs and secrets to authenticate, representing service accounts rather than individual end-users.
- Token Generation: Designed to obtain access tokens for service accounts without the need for a user's password.
This preset is particularly effective for scenarios where applications or services themselves need to authenticate, independent of a user's direct involvement.
Examples¶
presets:
- type: oauth_client_credentials
url: https://oauth.example.com/token
users:
- username: serviceAccount1
client_id: serviceClientID1
client_secret: serviceSecret1
- username: serviceAccount2
audience: https://api.my-cloud.com/user+https://some-tenant.my-cloud.com/
client_id: serviceClientID2
client_secret: serviceSecret2
scopes:
- create
- delete
Extensive Configuration¶
| Property | Type | Default | Description |
|---|---|---|---|
type * | Const[oauth_client_credentials] | oauth_client_credentials | |
url * | string | The URL of the token endpoint of the OpenIDConnect server | |
users * | List[OAuthClientCredentialsUserPreset] | A list of users to create |
Objects¶
OAuthClientCredentialsUserPreset¶
| Property | Type | Default | Description |
|---|---|---|---|
audience | string | null | The audience to request for the user. If not specified, no audience will be requested. |
client_id * | string | The client ID to use for the OAuth requests | |
client_secret * | string | The client secret to use for the OAuth requests | |
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authentified requests. |
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authentified requests. |
scopes | List[string] | null | A list of scopes to request for the user. If not specified, no scope will be requested. |
username * | string | The arbitrary username given to the user. |