You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

This page describes REST service calls with OpenID Connect authentication, performed in automatic tasks.

An automatic task can be executed:

  • in the foreground, for example when it immediately follows a manual task, incoming message node, etc.
  • in the background, for example when it is triggered by a timer node or it is connected to the timer exit of another task

In both cases, the automatic task is executed by the automatic user. When a REST service call is made from the automatic task and that call is configured to use OpenID Connect authentication, the Runtime obtains an access token for the Runtime Service Account using the Client Credentials grant. The access token is obtained the first time it is needed. On subsequent REST service calls from automatic tasks, a new access token is obtained if the previous one has expired.


The OpenID Connect client configured via the blueriq.security.openid-connect.client-id configuration property must be authorized to use the Client Credentials grant.


In the current version, the access token obtained via the Client Credentials grant must be a JWT and must be compatible with an ID token in terms of the username and role claims.


The OpenID Connect identity provider must support grant_type=client_credentials for this to work.
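
The token lifecycle and the JWT requirement described above can be checked against an identity provider before automatic tasks depend on it. The following is an added example, not Blueriq code: the claim names preferred_username and roles, all function and class names, and the token response are assumptions constructed for illustration, and the fetch callable stands in for the real token request.

```python
import base64, json, time

def make_constructed_jwt(claims):
    """Build a constructed sample token for the offline demo (fake signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

def check_claims(token, username_claim="preferred_username", roles_claim="roles"):
    """Return the payload if the token is a JWT with username and role claims.
    No signature check: this is a configuration check, not authentication."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a JWT (opaque token?)")
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    missing = [c for c in (username_claim, roles_claim)
               if not isinstance(claims, dict) or c not in claims]
    if missing:
        raise ValueError(f"access token lacks claims: {missing}")
    return claims

class ServiceAccountToken:
    """Fetch lazily on first use, reuse until expiry, then fetch again."""
    def __init__(self, fetch, clock=time.time):
        self._fetch, self._clock = fetch, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()  # stands in for the grant_type=client_credentials request
            check_claims(resp["access_token"])  # reject opaque or claim-less tokens early
            self._token = resp["access_token"]
            self._expires_at = self._clock() + resp["expires_in"]
        return self._token

if __name__ == "__main__":
    now, calls = [1000.0], []
    def fake_endpoint():  # constructed token response, no network involved
        calls.append(now[0])
        claims = {"preferred_username": "svc-runtime", "roles": ["automatic"], "iat": now[0]}
        return {"access_token": make_constructed_jwt(claims), "expires_in": 300}
    cache = ServiceAccountToken(fake_endpoint, clock=lambda: now[0])
    cache.get(); cache.get()      # second call reuses the cached token
    now[0] += 301; cache.get()    # expired, so a new token is obtained
    print("token requests:", len(calls))
```

An identity provider that issues opaque access tokens for the Client Credentials grant, or JWTs without the user and role claims, fails check_claims here rather than at the first background task.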