webMethods.io Integration Connector OAuth2 Client Credentials Grant Support

Feedback & ideas Feature requests
, ,
1

Background
As Integration specialists, most of the time, we are not allowed admin access from the IdPs to authorize access to assets which is required to add the “Default” OAuth2 credentials for most of the predefined connectors (e.g. SharepointOnline connector requires Azure AD Tenant Admin access to grant the access using the “default” connection, Salesforce requires Salesforce Admin access to grant the access using the “default” connection). Please see screenshots SharepointOnline Connector Default OAuth Screen1 to 4 attached. Most of the time, as middleware, we are provided with client_credentials grant, no other grant types make sense as we are not a portal for users to login to, nor are we backend servers - we are in the middle and service accounts / client_credentials flow is the norm.
Uploading: SharepointOnline Connector Default OAuth Screen4.JPG…
Uploading: SharepointOnline Connector Default OAuth Screen3.JPG…
Uploading: SharepointOnline Connector Default OAuth Screen2.JPG…
Uploading: SharepointOnline Connector Default OAuth Screen1.JPG…

When you add your own connector the only supported authentication types are OAuth V1.0a, OAuth V2.0, OAuth V2.0 (JWT Flow), all have different fields that do not support Client Credntials grant

Problem
When adding an account using custom OAuth2 type credentials to:

  • some Predefined (e.g. Sharepoint); or
  • any Custom REST Connectors
    the fields available do not support OAuth2 client_credentials grant type, in other words most typically require (all mandatory):
  • Client ID
  • Client Secret
  • Access Token
  • Refresh Token
  • Refresh URL
  • Grant Type
    e.g. SharepointOnline connector
    SharepointOnline Connector Add Account Fields
    SharepointOnline Connector Add Account Fields819×633 30.9 KB

Custom Rest connector credentials

Custom REST Connector with OAuth2.0 auth
Custom REST Connector with OAuth2.0 auth783×449 23.2 KB

Both JWT and Oauth1.0a do not support client credentials grant either

there is no field for scope, which is a requirement for client_credentials grant. I have attached a screenshot for the Sharepoint Online Connector which lists the required fields above, under Grant Type, the tool tip mentions client_credentials, but it should not require the fields access token, refresh token or refresh URL, and requires token url and scope.

Feature Request
In other words, we are hoping to have all predefined connectors and any custom REST connectors to support client_credentials grant which is typically used for integrations. This will require the following fields:

  • client_id
  • client_secret
  • token url
  • grant_type
  • scope