Re: [OAUTH-WG] Client Credentials flow and Client Registrations

Tue, 15 Mar 2016 06:22:38 -0700 

Hi John
On 15/03/16 13:05, John Bradley wrote:

I think you may be confusing Client credentials flow with resource owner 
credentials flow.
Sorry, I should've clarified initially, it is a piece of software that needs to run without a human user. So I hope it is still client_credentials. 


If there is a resource owner in the flow use code.   The resource owner 
credentials flow is a bad idea and only put in for backwards compatibility.
Right, I was about to ask how resource owner credentials can help :-), but I guess I'll stay away from it for now. 

Thanks, Sergey


John B.


On Mar 15, 2016, at 9:37 AM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:

Hi All

I've alway been thinking of Client Credentials as being the simplest flow but 
now that I'm looking at implementing it myself to be used in the real 
productions, I'm realizing that there's something I do not understand about it:

Do the clients using Client Credentials flow need to be OAuth2-registered, even 
when such clients are already known to the authentication system ?

For example, there might be some LDAP/etc entry for Alice (name, password). Now 
a client is using a client credentials flow to get an access token:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

I hope that in this case no explicit registration (the one typically required 
in redirection based flows) is needed, the client (Alice) has been 'implicitly' 
registered (as far as the notion of OAuth2 client is concerned) in LDAP/etc.

If the explicit registration with OAuth2 AS was still required in the case 
above then it would lead to a fairly massive duplication of effort (Alice is 
registered in Ldap, then also with OAuth2 AS), etc

Can someone clarify it please ?

Thanks, Sergey









_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth




_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to