At the moment, in K2, OAuth authentication will always mean that the OAuth Token is associated with the user executing/calling the SmartObject. This means that every user that uses a smartform with a smartobject that has an OAuth resource will have to get an OAuth token.

Security wise, this is great. The end-users of the smartform needs to authenticate to the back-end.

In some scenario's, this is NOT desired and K2 currently does NOT provide a solution for this.

It would be great if we can configure a service instance to use teh OAuth token associated with the k2 host service service account.

This would bring back the behaviour that we had in the past with SharePoint where we could configure the service instance to use the K2 host service account. This enables the designer of an application to ONLY allow the K2 service account to have access to SharePoint and NOT all end-users, providing a different secure environment.

There are other scenario's with the REST broker where this is beneficial too.