OAuth2 Client Credentials with Private Key JWT

Authentication Configuration

When the OAuth2 Client Credentials with Private Key JWT authentication type is selected in the Authorization type dropdown (4 from Figure 3 of this page), the following options will appear.

Registering an App on an External System

To obtain the values of the fields, register your app on the external system. Each external system allows this to be achieved in different ways, so the corresponding documentation must be consulted.

Note: Supported signature algorithms include RS256 and PS256.

Public Key validation

After filling in all the required information, clicking Save will trigger the generation of the Public key in .pem file format. This key will be available for download on the Connection’s settings page (Public Key field on Figure 2) and must be configured on the external system as Public Key type.

Once the public key is configured on the external system, clicking Validate will authorize the Connection (Validate button on the yellow banner of the Figure 2). This process will validate the certificate on the external service and authorize the connection.

Note that the step of submitting the certificate on the external system must be done before the validation on Connections. Contrary to other authentication types, creating and saving the connection on a first iteration will only generate the public key, not validating it (meaning the Connection will not be authorized at this stage).

Note: Updating the configuration of Client Credentials with Private Key JWT, will not create a new public key. Check the Switching certificates sections

Switching Certificates

In case a certificate needs to be updated, it will be necessary to repeat all the steps since Authentication Configuration, including resetting the “Authentication Type” field (this is, change to a different value and then select “Client Credentials with Private Key JWT”).