OAuth2 Client Credentials

Type: middleware.http.oauth2clientcredentials

Status: alpha

Reference: https://docs.dapr.io/reference/components-reference/supported-middleware/oauth2clientcredentials/

Example

apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
  name: <name>
spec:
  type: middleware.http.oauth2clientcredentials
  version: v1
  metadata:
    # The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform
    - name: clientID
      value: "client-id"
    # The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform
    - name: clientSecret
      value: "client-secret"
    # The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token
    - name: tokenURL
      value: "https://accounts.google.com/o/oauth2/token"
    # A list of space-delimited, case-sensitive strings of scopes which are typically used for authorization in the application (Optional)
    #- name: scopes
    #  value: "https://www.googleapis.com/auth/userinfo.email"
    # The authorization header name to forward to your application
    - name: headerName
      value: "authorization"
    # Optionally specifies how the endpoint wants the client ID & client secret sent. 0: Auto-detect (tries both ways and caches the successful way), 1: Sends client_id and client_secret in POST body as application/x-www-form-urlencoded parameters, 2: Sends client_id and client_secret using HTTP Basic Authorization (Optional)
    #- name: authStyle
    #  value: "0"
    # Specifies additional parameters for requests to the token endpoint (Optional)
    #- name: endpointParamsQuery
    #  value: "param1=value1&param2=value2"
    # Regular expression to filter which paths require authentication (Optional)
    #- name: pathFilter
    #  value: "^/api/.*"

Authentication profiles

Available authentication profiles:

• OAuth2 Client Credentials

OAuth2 Client Credentials

Configure OAuth2 client credentials authentication with any OAuth2 provider

clientID (string)

Required - The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform

Example value: client-id

clientSecret (string)

Required - The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform

Example value: client-secret

tokenURL (string)

Required - The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token

Example value: https://accounts.google.com/o/oauth2/token

scopes (string)

A list of space-delimited, case-sensitive strings of scopes which are typically used for authorization in the application

Example value: https://www.googleapis.com/auth/userinfo.email

Metadata

headerName (string)

Required - The authorization header name to forward to your application

Example value: authorization

authStyle (number)

Optionally specifies how the endpoint wants the client ID & client secret sent. 0: Auto-detect (tries both ways and caches the successful way), 1: Sends client_id and client_secret in POST body as application/x-www-form-urlencoded parameters, 2: Sends client_id and client_secret using HTTP Basic Authorization

Default value: 0

Example value: 0

Allowed values:

• 0

• 1

• 2

endpointParamsQuery (string)

Specifies additional parameters for requests to the token endpoint

Example value: param1=value1&param2=value2

pathFilter (string)

Regular expression to filter which paths require authentication

Example value: ^/api/.*