OAuth 2.0 Client Credentials Flow

Jira Code : MICL-260

Creation of this mapping is a required step for the OAuth 2.0 client credentials flow to work.

STEP 1 : Create Integration Records for Applications to Use OAuth 2.0

  1. Go to Setup > Integration > New.
  2. Enter a name for your application in the Name field.
  3. Enter a description in the Description field, if preferred.
  4. Select Enabled in the State field.
  5. Enter a note in the Note field, if preferred.

STEP 2 : Create a Mapping for the Client Credentials Flow

  1. Go to Setup > Integration > Manage Authentication > OAuth 2.0 Client Credentials (M2M) Setup. The OAuth 2.0 Client Credentials Setup page appears.
  2. To create a new mapping, click the Create New button.
  3. In the popup window, choose the entity, role, and application to be mapped. Upload the public part of the certificate from your computer.

Certificate Conditions

A certificate to be used with the OAuth 2.0 client credentials flow consists of two parts, a public part and a private part, which are handled differently.

  1. The user uploads the public part of the certificate as part of the client credentials flow mapping process.
  2. The private part of the certificate is never uploaded, neither by the Administrator nor by a user with the OAuth 2.0 Authorized Applications Management permission. It stays with the client application, which uses it to sign the JWT sent in the POST request to the token endpoint.
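The following script is an added example (not part of the original page or of the vendor's own tooling) that shows the split described above: the private key signs a JWT client assertion, and the uploaded public certificate is all the server needs to verify it. It assumes a POSIX shell and the openssl CLI, uses RSA-PSS over SHA-256 (PS256), and the issuer, audience and kid values are placeholders; the exact claim set and header fields the token endpoint expects are not described on this page.

```shell
#!/bin/sh
# JWT client assertion signed with the private key and verified with the public
# certificate. Added example; assumes POSIX sh + openssl. Claim values are placeholders.

b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# b64url_decode: stdin base64url (unpadded) -> raw bytes on stdout
b64url_decode() {
    s=$(cat)
    case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
    printf '%s' "$s" | tr '_-' '/+' | openssl base64 -d -A
}

# make_assertion KEY_FILE ISSUER AUDIENCE -> prints a PS256-signed JWT (valid 5 minutes)
make_assertion() {
    key=$1; iss=$2; aud=$3
    now=$(date -u +%s)
    header=$(printf '{"alg":"PS256","typ":"JWT","kid":"certificate-id-placeholder"}' | b64url)
    payload=$(printf '{"iss":"%s","aud":"%s","iat":%s,"exp":%s}' \
                     "$iss" "$aud" "$now" "$((now + 300))" | b64url)
    # Only the private key can produce this signature; it never leaves the client.
    sig=$(printf '%s.%s' "$header" "$payload" \
          | openssl dgst -sha256 -sign "$key" \
                -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest | b64url)
    printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_assertion CERT_FILE JWT -> 0 if the signature verifies under the cert's public key
verify_assertion() {
    cert=$1; jwt=$2
    pub=$(mktemp); sigf=$(mktemp)
    openssl x509 -in "$cert" -noout -pubkey > "$pub"      # what the server side holds
    printf '%s' "${jwt##*.}" | b64url_decode > "$sigf"   # third segment = signature
    if printf '%s' "${jwt%.*}" | openssl dgst -sha256 -verify "$pub" \
           -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest \
           -signature "$sigf" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$pub" "$sigf"
    return $rc
}

# Usage: sh assertion.sh auth-key.pem <client-id> <token-endpoint-url>
[ $# -lt 3 ] || make_assertion "$1" "$2" "$3"
```

The sign and verify calls use the same PSS parameters; a mismatch (or an assertion signed with a key that does not belong to the uploaded certificate) fails verification, which is the property the mapping relies on.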

The certificate must meet the following requirements:

  • The public part of the certificate must be in x.509 format with a file extension of .cer, .pem, or .crt.
  • The length of an RSA key must be 3072 bits or 4096 bits. The length of an EC key must be 256 bits, 384 bits, or 521 bits.
  • The maximum time period that a certificate can be valid is two years. If the certificate is valid for a longer time period, the system automatically shortens the time period to two years.
  • One certificate can only be used for one combination of integration record, role, and entity. If you want to use the same integration record for multiple entities or roles, you must use a different certificate for each unique combination.

The following example shows how to create a valid certificate using OpenSSL:

openssl req -x509 -newkey rsa:4096 -sha256 -keyout auth-key.pem -out auth-cert.pem -nodes -days 730
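Before uploading, it is worth checking that a certificate actually satisfies the conditions listed above rather than finding out at mapping time. The script below is an added example (not from the original page or the vendor) that checks the file extension, that the file parses as an X.509 certificate, the key type and size, and the validity period against the two-year cap. It assumes a POSIX shell, the openssl CLI, GNU date (for date -d), and a PEM-encoded certificate such as the one the command above produces.

```shell
#!/bin/sh
# Conformance check for a certificate intended for the client credentials (M2M) mapping.
# Added example; assumes POSIX sh, the openssl CLI, GNU date, and PEM input.
# Thresholds are the ones listed in the certificate conditions above.

MAX_DAYS=730   # two-year cap: longer certificates are truncated by the server

# key_info CERT -> prints "TYPE BITS", e.g. "RSA 4096" or "EC 256"
key_info() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    txt=$(printf '%s\n' "$pub" | openssl pkey -pubin -text -noout 2>/dev/null) || return 1
    # "Public-Key: (N bit)" appears in both OpenSSL 1.1 and 3.x output
    bits=$(printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if printf '%s\n' "$txt" | grep -q 'Modulus:'; then type=RSA
    elif printf '%s\n' "$txt" | grep -q 'ASN1 OID:'; then type=EC
    else type=OTHER; fi
    printf '%s %s\n' "$type" "$bits"
}

# validity_days CERT -> prints whole days between notBefore and notAfter
validity_days() {
    nb=$(openssl x509 -in "$1" -noout -startdate | sed 's/^notBefore=//')
    na=$(openssl x509 -in "$1" -noout -enddate   | sed 's/^notAfter=//')
    s=$(date -u -d "$nb" +%s) && e=$(date -u -d "$na" +%s) || return 1
    echo $(( (e - s) / 86400 ))
}

# check_cert CERT -> 0 if every listed condition holds, 1 otherwise (reasons on stderr)
check_cert() {
    f=$1; ok=0
    case "$f" in
        *.cer|*.pem|*.crt) ;;
        *) echo "extension must be .cer, .pem or .crt: $f" >&2; ok=1 ;;
    esac
    if ! openssl x509 -in "$f" -noout 2>/dev/null; then
        echo "not a parseable X.509 certificate: $f" >&2; return 1
    fi
    set -- $(key_info "$f")   # $1 = key type, $2 = key size in bits
    case "$1 $2" in
        "RSA 3072"|"RSA 4096"|"EC 256"|"EC 384"|"EC 521") ;;
        *) echo "unsupported key: $1 $2 (RSA 3072/4096 or EC 256/384/521 required)" >&2; ok=1 ;;
    esac
    days=$(validity_days "$f") || { echo "could not read validity dates" >&2; return 1; }
    if [ "$days" -gt "$MAX_DAYS" ]; then
        echo "validity is $days days; the server would shorten it to $MAX_DAYS" >&2; ok=1
    fi
    return $ok
}

# Usage: sh check_cert.sh auth-cert.pem
[ $# -eq 0 ] || check_cert "$1"
```

A certificate generated with the command above passes all four checks; one generated with rsa:2048 or with -days 1095 is reported, with the reason, on stderr.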
