Setting Up OIDC Relying Party with Client Credentials Flow

When configuring a new OIDC relying party for authentication to GENESIS, you can select Client Credentials Flow as the authentication method. Server-to-server authentication using a client ID and client secret; no user sign-in is required.

Client Credential Flow is available in GENESIS versions 11.05 and later.

Automated processes, background services, or machine-to-machine communication with the Web API.

To configure a relying party with the client credentials flow authentication:

  1. Open Workbench and in Project Explorer, expand your project > Security .

  2. Right-click OIDC Relying Parties and select Add OIDC Relying Party to open the configuration dialog.

  3. At the top of the dialog, enter a name according to the client that you are configuring; for example, TestRESTClient. This name serves as the OIDC/OAuth Client Identifier (https://tools.ietf.org/html/rfc6749#section-2.2)

  4. In General Settings, make sure the Enabled checkbox is selected. Optionally, enter a display name and description.

  5. In the Flow types section, complete the following settings:

    1. Select Client Credentials Flow Enabled .

    2. In Credentials Permission Type, select the desired option that determines what permissions are granted to the applications using the flow.

      • Mapped to User —The application is granted the same permissions as the user selected in the next step, including any permissions inherited from its groups.

      • Full Access —The application is granted full permission.

    3. In Client Credentials User Name , enter the user whose permissions are used when Permission Type is set to Mapped to User .

  6. In the Login section, enter your client application's secret in the Client Secret text box. Generate a long random sequence of characters for the secret.

    This field is mandatory for the client credentials flow authentication.

  7. Complete the remaining settings as desired, and then click Apply .