Hi John
On 15/03/16 13:05, John Bradley wrote:
I think you may be confusing Client credentials flow with resource owner
credentials flow.
Sorry, I should've clarified initially, it is a piece of software that
needs to run without a human user. So I hope it is still client_credentials.
If there is a resource owner in the flow use code. The resource owner
credentials flow is a bad idea and only put in for backwards compatibility.
Right, I was about to ask how resource owner credentials can help :-),
but I guess I'll stay away from it for now.
Thanks, Sergey
John B.
On Mar 15, 2016, at 9:37 AM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:
Hi All
I've alway been thinking of Client Credentials as being the simplest flow but
now that I'm looking at implementing it myself to be used in the real
productions, I'm realizing that there's something I do not understand about it:
Do the clients using Client Credentials flow need to be OAuth2-registered, even
when such clients are already known to the authentication system ?
For example, there might be some LDAP/etc entry for Alice (name, password). Now
a client is using a client credentials flow to get an access token:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
I hope that in this case no explicit registration (the one typically required
in redirection based flows) is needed, the client (Alice) has been 'implicitly'
registered (as far as the notion of OAuth2 client is concerned) in LDAP/etc.
If the explicit registration with OAuth2 AS was still required in the case
above then it would lead to a fairly massive duplication of effort (Alice is
registered in Ldap, then also with OAuth2 AS), etc
Can someone clarify it please ?
Thanks, Sergey
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth