OAuth 2.0 Client Credentials Flow

You can implement the OAuth 2.0 Client Credentials flow for the proxy classes generated when importing an OpenAPI specification, using the security information included in the specification. For service‑to‑service interactions, this allows an application to use its own credentials (client ID and secret) to obtain an access token from the authorization server, which can then be used for authorized API calls.

The Jade Platform REST client provides built-in support for OAuth 2.0 authorization protocols. For server-to-server authentication, where the client acts on its own behalf, the REST client's support for the OAuth 2.0 Client Credentials flow enables a Jade application to access resources as itself rather than on behalf of an individual user.

The following proxy classes are not existing RootSchema classes but are automatically generated as user subclasses in the JadeRestProxy subclass in your schema when you import an OpenAPI specification into your schema.

OAuth2AccessToken

The OAuth2AccessToken class is a transient-only data subclass of the JadeRestDataModelProxy class, generated when the OpenAPI specification is imported. It contains the data returned by the authentication server to a client on a successful access token request, including the access token itself along with the expiry, scope, and type of the token. The properties listed in the following table are defined in the generated OAuth2AccessToken class.

| Property | Type | Description |
| --- | --- | --- |
| access_token | String (maximum), public | The requested access token. The application can use this token to authenticate to the secured resource; for example, to a web API. |
| expires_in | String (maximum), public | The amount of time that an access token is valid (in seconds). |
| scope | String (maximum), public | The resource identifier (application ID URI) of the resource. |
| token_type | String (maximum), public | Indicates the token type value; for example, bearer. |

Resource proxy subclass

When an OpenAPI specification is imported into a Jade schema, a subclass of JadeRestResourceProxy is generated with all resource proxy classes being subclasses of that class. Prior to Jade release 2025, the JadeRestResourceProxy class had no extra behavior and was used only for grouping the resource proxy classes, but with the ability to import an OAuth Client Credentials flow specification, the methods listed in the following table are defined in the generated resource proxy class.

| Method | Description |
| --- | --- |
| getAccessToken(): String typeMethod; | Used to get the access token from the authorization server. It is automatically generated with the correct endpoint that is in the OpenAPI specification but it also makes use of the four hook methods to get the ID, secret, grant type, and scope that it will need to send to the server. |
| getClientId(): String typeMethod; | Modify or reimplement this method to return the client ID that will be sent to the authentication server to identify the user. |
| getClientSecret(): String typeMethod; | Modify or reimplement this method to return the client secret that will be sent to the authentication server to prove the identity of the user. |
| getGrantType(): String typeMethod; | When using the OpenAPI Client Credentials flow, this method can remain unchanged as it defaults to returning client_credentials. When alternative flows are introduced, use this method to determine which grant type (that is, the flow) to use. |
| getScope(): String typeMethod; | The value passed for the scope value in this request should be the resource identifier (application ID URI) of the resource you want, affixed with the .default suffix. All scopes included must be for a single resource. You cannot add scopes from other resources. If you add a scope unsupported by that resource or you do not have permission for it, an error results from the REST endpoint. |
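
The token request that the four hook methods feed, and the handling of the OAuth2AccessToken fields that come back, sketched in Python as an added example (it is not Jade code and not the platform's generated getAccessToken). The DEMO_CLIENT_ID and DEMO_CLIENT_SECRET environment variable names, the `<resource>/.default` scope form, sending the credentials in the form body, and the 60-second refresh margin are assumptions.

```python
import json
import os
import time
from urllib.parse import urlencode

SKEW = 60  # assumption: refresh this many seconds before the stated expiry

def token_request_body(resource, env=os.environ):
    """Form body for the token endpoint. Never log it: it holds the secret."""
    return urlencode({
        "grant_type": "client_credentials",          # getGrantType() default
        "client_id": env["DEMO_CLIENT_ID"],          # read at run time,
        "client_secret": env["DEMO_CLIENT_SECRET"],  # not hard-coded in source
        "scope": resource.rstrip("/") + "/.default", # one resource only
    })

def parse_token_response(text, now):
    """Validate the response fields and return (access_token, expires_at)."""
    data = json.loads(text)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = data.get("access_token")
    if not token:
        raise ValueError("missing access_token")
    lifetime = int(data.get("expires_in", 0))  # may arrive as string or number
    if lifetime <= 0:
        raise ValueError("missing or non-positive expires_in")
    return token, now + lifetime

class TokenCache:
    """Reuse one token until shortly before it expires."""
    def __init__(self, fetch, clock=time.time):
        self._fetch, self._clock = fetch, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - SKEW:
            self._token, self._expires_at = parse_token_response(self._fetch(), now)
        return self._token

# Constructed sample response (not captured from a real server).
SAMPLE = json.dumps({"access_token": "demo-token-1", "token_type": "Bearer",
                     "expires_in": "3600", "scope": "api://demo-app/.default"})
```

Here `fetch` stands for whatever posts the form body to the token endpoint and returns the response text; caching the result avoids sending the client secret on every API call.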

Overriding the Endpoint

An OpenAPI specification may not have any entries in the server section, or it may have several. In these cases, it is necessary to set the URI prefix by calling the JadeRestClient class setEndpoint method. The generated JadeRestResourceProxy subclass for the import then includes an endpoint property and a setEndpoint method, as follows.

By default, the existing behavior in earlier releases is preserved; that is, an Endpoint constant is set for each resource proxy based on the server section of the specification. If needed, you can call the setEndpoint method of the JadeRestResourceProxy subclass to override this behavior with a different endpoint, or it can be used to set the endpoint if it has not been specified in the OpenAPI specification.

2025.0.01 and higher