To configure the Client Credentials grant to be used with PSD2, proceed as follows:
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Servers >> <some AS> >> OAuth 2.0 Grants/OIDC Flows - In property OAuth 2.0 Client Credentials Grant, create and edit an OAuth 2.0 Client Credentials Grant plugin, as follows:
- Configure the Issuer and Audience properties to add
iss
andaud
claims, if they are required by the backend services. - Use the following plugins in the list of Granted Scope Processors:
- Plugin OAuth 2.0 Granted Scope Whitelist, with allowed scopes:
pisp
(all other scopes are used with the Authorization Code flow). - Plugin STET PSD2 OAuth 2.0 Scope Filter (no detail configuration required).
- As Signature, use the plugin JWT Access Token Private Key Signature.