Support for Private Key JWT for OAuth

Private Key JWT support simplifies secure authentication and authorization, prioritizing simplicity, scalability, and compatibility over the complexities of mutual-TLS.

Procedure

  1. Navigate to Manage > OAuth connections.
  2. Click Create connection.
    The Connection settings screen appears.
  3. Select Microsoft Entra as the Provider type.
    Note: The Callback URL is used in your enterprise application configuration settings to connect to the Control Room.
  4. Enter a unique Connection name to identify the connection.
  5. Optional: Enter a Description for the connection.
  6. Click Next.
    The Authentication details screen appears.
  7. Select a Grant type.
  8. Select the Client authentication method as Client Authentication Private Key JWT.
  9. Enter the Client ID that is provided by the provider for your account.
  10. Enter the Authorization URL used to obtain an authorization code for your account.
  11. Enter the Token URL used to exchange an authorization code for an access token.
  12. Optional: Enter Scope.
    This information is used as claims (information about the user) in an access token and forwarded to the resource server to limit access.
    Note: If you are adding more than one scope, separate the scopes with commas or spaces.
  13. Click Next.
    The Test connection and save credentials screen appears.
  14. Optional: Select Save login credentials.
  15. Optional: Click Save changes and test connection.
  16. Click Next.
    The Invite roles screen appears.
  17. Select the roles that you want to invite to use this connection. Only invited roles can use the token in a bot, whether it is private, shared, or both.
    The Invite Roles action is mandatory when a Bot uses the OAuth Connection. This step is not required when used by an external connection.
    Note: Only custom roles are displayed in the list of Available roles.
  18. Click Create connection.
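
With Private Key JWT, the client authenticates at the Token URL by presenting a signed JWT (the client assertion) instead of a client secret. As an added example (not Control Room or Microsoft code), the Python below checks the header and claims of such an assertion against the Client ID and Token URL from steps 9 and 11, following the private_key_jwt rules in OpenID Connect Core. The sample token, the example.test URL and the 600-second lifetime limit are constructed assumptions, and signature verification, which needs the client's public key, is left out.

```python
import base64, json

# Signature algorithms acceptable for a private-key assertion ("none" and HS* are not).
ASYMMETRIC_ALGS = ("RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512")

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_client_assertion(jwt, client_id, token_url, now, seen_jti, max_lifetime=600):
    """List problems in the header and claims. The signature is NOT verified here."""
    parts = jwt.split(".")
    if len(parts) != 3 or not parts[2]:
        return ["not a signed compact JWT (header.payload.signature)"]
    try:
        header, claims = (dict(json.loads(b64url_decode(p))) for p in parts[:2])
    except (ValueError, TypeError):
        return ["header or payload is not a base64url-encoded JSON object"]
    problems = []
    if header.get("alg") not in ASYMMETRIC_ALGS:
        problems.append(f"alg {header.get('alg')!r} is not an asymmetric signature algorithm")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        problems.append("iss and sub must both equal the Client ID")
    aud = claims.get("aud")
    if token_url not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not name the Token URL")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or already passed")
    elif exp - now > max_lifetime:  # max_lifetime is an assumed policy value
        problems.append("exp is too far ahead for a single-use assertion")
    jti = claims.get("jti")
    if not (isinstance(jti, str) and jti) or jti in seen_jti:
        problems.append("jti is missing or was already used (replay)")
    else:
        seen_jti.add(jti)  # remember the identifier so a second presentation is flagged
    return problems

def sample_assertion(claims, alg="RS256"):
    """Constructed sample; the third part is placeholder bytes, not a real signature."""
    parts = (json.dumps({"alg": alg, "typ": "JWT"}), json.dumps(claims), "placeholder")
    return ".".join(b64url_encode(p.encode()) for p in parts)

if __name__ == "__main__":
    cid, url = "constructed-client-id", "https://login.example.test/oauth2/token"  # constructed
    jwt = sample_assertion({"iss": cid, "sub": "other", "aud": url, "exp": 1700000300, "jti": "n-1"})
    print(check_client_assertion(jwt, cid, url, now=1700000000, seen_jti=set()))
```

An empty list means the claims match the connection settings; it does not mean the assertion is authentic until the signature has been verified with the registered public key.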