A short while after I sent that last post, I had an idea about how to make this sorta work…
I tested the idea and got it working, so if you want to try it…
Create an “Oauth2 JWT Adapter” workflow (see below) that:
- Accepts the Oauth2 / Grant Type `Client Credentials` semantics in a `Webhook` trigger.
- Sends (forwards) the `client_id` and `client_secret` values to the API JWT endpoint as `username` and `password`, respectively.
- Returns the JWT value the way the generic `Oauth2` credential expects it.
  - Note: The API I tested already had the response in the correct form, but the `Respond to Webhook` node can reformat the API response, if necessary, to `{ "access_token": "...the-jwt-value..." }`.
- IMPORTANT: Once it is working, configure this workflow to NOT save executions, so the password and/or JWT values won’t get “logged.”
Use the “Oauth2 JWT Adapter” workflow
On the HTTP Request node, where you call your actual JWT protected API endpoint, use an Oauth2 credential (which hides/separates the secret password) and configure it to call the “Oauth2 JWT Adapter” workflow at its production webhook URL.
- Note: Don’t forget to activate the “Oauth2 JWT Adapter” workflow first.
- Note: This assumes the protected API accepts the JWT value in the form of an `Authorization: Bearer ...the-jwt-value...` header.
The Generic Oauth2 Credential is configured like this:
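
The two mappings the adapter workflow performs, written as plain JavaScript functions. This is an added example, not part of the original post and not n8n's own code. All function names are hypothetical, and the upstream field names `token` and `jwt`, the lowercased header keys and the raw form-encoded body are assumptions.

```javascript
// Added example (not from the original post); all function names are hypothetical.
// Assumes header keys are lowercased and `body` is the raw form-encoded string.
function extractClientCredentials(headers, body) {
  const params = new URLSearchParams(body);
  if (params.get("grant_type") !== "client_credentials") {
    throw new Error("unsupported_grant_type");
  }
  // The client may send its credentials in a Basic Authorization header...
  const auth = headers["authorization"] || "";
  if (auth.toLowerCase().startsWith("basic ")) {
    const decoded = Buffer.from(auth.slice(6).trim(), "base64").toString("utf8");
    const sep = decoded.indexOf(":"); // split on the first ":" only; the secret may contain more
    if (sep < 1) throw new Error("invalid_client");
    return { clientId: decoded.slice(0, sep), clientSecret: decoded.slice(sep + 1) };
  }
  // ...or as client_id / client_secret fields in the request body.
  const clientId = params.get("client_id");
  const clientSecret = params.get("client_secret");
  if (!clientId || !clientSecret) throw new Error("invalid_client");
  return { clientId, clientSecret };
}

// Body forwarded to the API JWT endpoint: client_id -> username, client_secret -> password.
function toJwtLoginBody({ clientId, clientSecret }) {
  return { username: clientId, password: clientSecret };
}

// Reshape the API response into the { access_token } form the Oauth2 credential expects.
// "token" and "jwt" are assumed field names for APIs that do not already use "access_token".
function toOauth2TokenResponse(apiResponse) {
  const jwt = apiResponse.access_token || apiResponse.token || apiResponse.jwt;
  // A signed JWT in compact form has exactly three dot-separated parts.
  if (typeof jwt !== "string" || jwt.split(".").length !== 3) {
    throw new Error("no JWT in API response");
  }
  return { access_token: jwt };
}

// Constructed sample values, for illustration only.
const sample = extractClientCredentials(
  {}, "grant_type=client_credentials&client_id=svc-user&client_secret=example");
console.log(Object.keys(toJwtLoginBody(sample))); // field names only, never the secret
console.log(toOauth2TokenResponse({ token: "aaa.bbb.ccc" }));
```
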
