Client Credentials grant setup
To configure the Client Credentials grant to be used with PSD2, proceed as follows:
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Servers >> <some AS> >> OAuth 2.0 Grants/OIDC Flows - In property OAuth 2.0 Client Credentials Grant, create and edit an OAuth 2.0 Client Credentials Grant plugin, as follows:
- Configure the Issuer and Audience properties to add
issandaudclaims, if they are required by the backend services. - Use the following plugins in the list of Granted Scope Processors:
- Plugin OAuth 2.0 Granted Scope Whitelist, with allowed scopes:
pisp(all other scopes are used with the Authorization Code flow). - Plugin STET PSD2 OAuth 2.0 Scope Filter (no detail configuration required).
- Plugin OAuth 2.0 Granted Scope Whitelist, with allowed scopes:
- As Signature, use the plugin JWT Access Token Private Key Signature.
Further information and links
- OAuth 2.0 grant types gives general information about OAuth grants and the Client Credentials grant in particular.
- Client Credentials grant usage provides a sample use case of the Client Credentials grant.