We want to use the OAuth client_credential flow while using the 'Webrequest' connector.
But this seems not be possible out-of-the box (see your article: How to perform OAuth Client Credentials Flow)
I have implemented the workaround with success.
First I want to point out that using the workaround seems a lot more stable than the otb oauth token retrieval. This seems to expire and it is not renewed automatically, what would be a problem running this flow on the server.
The workaround is able to retrieve the token each time before you want to do your actual webrequest.
But with this workaround, you are exposing the client_secret. And that is a serious problem.
So I am thinking about two possible solutions:
Add support for the client_credential flow to the otb webrequest connector, that should be renewed with every webrequest you execute.
or add the possibility to setup and use secure parameters within the server space.
(eg. add a connector 'Secure Parameters', where you can setup a KeyValuePair dictionary... that you could store away just like the other connectors with secrets. Next to this: add a task 'Retrieve Secure Parameters', that would display the results within a dataset with just one row: the key is used as a column header and the value is used with the record as the column value)
This last suggestion would be a very nice addition to this wonderful product.
Hi @dgudkov , thank you for your very quick response. I have completely overlooked the fact that the "Client Credential flow" was implemented. Thank you for updating the mentioned article, so when someone else stumbles upon this article, he/she does not make the same wrong assumptions like I did. We'll just have to upgrade to the latest version to get this feature, nice!
For the second: the 'shared memory' can indeed help within my situation. However it is not completely secure... it is way better than the workaround that I was planning to implement.
So thank you very very very much! Highly appreciated.
