OAuth2 client credentials
The OAuth2 client credentials HTTP middleware enables the OAuth2 Client Credentials flow on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: oauth2clientcredentials spec: type: middleware.http.oauth2clientcredentials version: v1 metadata: - name: clientId value: "<your client ID>" - name: clientSecret value: "<your client secret>" - name: scopes value: "https://www.googleapis.com/auth/userinfo.email" - name: tokenURL value: "https://accounts.google.com/o/oauth2/token" - name: headerName value: "authorization"
WarningThe above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.
Spec metadata fields
|clientId||The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform|
|clientSecret||The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform|
|scopes||A list of space-delimited, case-sensitive strings of scopes which are typically used for authorization in the application||
|tokenURL||The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token||
|headerName||The authorization header name to forward to your application||
|endpointParamsQuery||Specifies additional parameters for requests to the token endpoint||
|authStyle||Optionally specifies how the endpoint wants the client ID & client secret sent. See the table of possible values below||
Possible values for
||Sends the “client_id” and “client_secret” in the POST body as application/x-www-form-urlencoded parameters.|
||Sends the “client_id” and “client_secret” using HTTP Basic Authorization. This is an optional style described in the OAuth2 RFC 6749 section 2.3.1.|
||Means to auto-detect which authentication style the provider wants by trying both ways and caching the successful way for the future.|
apiVersion: dapr.io/v1alpha1 kind: Configuration metadata: name: appconfig spec: httpPipeline: handlers: - name: oauth2clientcredentials type: middleware.http.oauth2clientcredentials
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.