Starting with version 12.11, the REST API in OTbase Discovery also supports OAuth2 authentication. For an overview of this authentication method, please check this Microsoft documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols.
In the OTbase Discovery configuration client, select the node entry in the left pane and then, in the right pane, select “OAuth2” as the authentication method for the REST API.
In the fields that are exposed after you have selected “OAuth2”, you can now set the parameters for your OAuth authentication.
JWKS URI
The JSON Web Key Set (JWKS) is the set of public keys used to verify any JSON Web Token (JWT) issued by the Authorization Server.
For Azure AD B2C:
The authorization scope must be "[CLIENT_ID]/[SCOPE]", or the access token signature will be invalid (SCOPE can be ".default").
Get the metadata URI from the App/Overview/Endpoints/OpenID Connect-Metadata Document. Example: https://login.microsoftonline.com/[tenant GUID]/v2.0/.well-known/openid-configuration.
Calling this URI returns a JSON document containing a "jwks_uri" field. The value assigned to that field is the URI to use. Example: https://login.microsoftonline.com/[tenant GUID]/discovery/v2.0/keys.
To verify this URI, call it: the response is a JSON document containing a "keys" array.
Audience
Expected audience (aud) in the JSON Web Token (JWT). The setting depends on the Authorization Server and may not be required.
Scope
If set, this scope must be present in the scope field (scp) of the JSON Web Token (JWT).
Leave empty if the scope is ".default".
User field name
Field name in the JSON Web Token (JWT) to be used to identify the user.
For Azure AD B2C:
For example, use "unique_name" or "upn".
Restrict Users
If set, limit access to the provided users (identified by the above field in the JSON Web Token (JWT)).
Group field name
Field name of the array in the JSON Web Token (JWT) to check for groups.
Restrict group access
If set, limit access to the provided groups (identified by the above field in the JSON Web Token (JWT)).
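To choose values for the fields above, it helps to look at the claims in an access token that your Authorization Server actually issues. The following Python code is an added example, not OTbase code: it decodes the payload of a constructed sample token without verifying the signature (inspection only) and compares the claims with hypothetical settings. The claim values, the CONFIG dictionary and the matching rules (exact match, space-separated scp, one matching group is sufficient) are assumptions.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample claims and token (not a real token; the signature part is a dummy).
SAMPLE_CLAIMS = {"aud": "00000000-0000-0000-0000-000000000000", "scp": "otbase.read",
                 "upn": "alice@example.com", "groups": ["ot-admins"]}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"RS256","typ":"JWT"}'),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()), "dummy-signature"])

# Hypothetical settings mirroring the configuration fields described above.
CONFIG = {"audience": "00000000-0000-0000-0000-000000000000", "scope": "otbase.read",
          "user_field": "upn", "users": ["alice@example.com"],
          "group_field": "groups", "groups": ["ot-admins"]}

def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims: dict, cfg: dict) -> list:
    """List the reasons why the claims would not match the configured values."""
    problems = []
    aud = claims.get("aud")
    if cfg.get("audience") and cfg["audience"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the configured audience")
    # Assumption: scp is a space-separated string, as in Microsoft identity platform tokens.
    if cfg.get("scope") and cfg["scope"] not in str(claims.get("scp", "")).split():
        problems.append("scp does not contain the configured scope")
    user = claims.get(cfg["user_field"])
    if user is None:
        problems.append(f"user field '{cfg['user_field']}' is missing")
    elif cfg.get("users") and user not in cfg["users"]:
        problems.append("user is not in the restricted user list")
    # Assumption: one matching group is enough to pass the group restriction.
    groups = claims.get(cfg.get("group_field", ""), [])
    if cfg.get("groups") and not set(groups) & set(cfg["groups"]):
        problems.append("no group in the token matches the restricted groups")
    return problems

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(json.dumps(claims, indent=2))
    print(check_claims(claims, CONFIG) or "claims match the hypothetical settings")
```

An empty result means every configured restriction has a matching claim in the token; each returned string names the field whose setting should be reviewed.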