Replies: 1 comment 1 reply
-
|
I think this is very similar to #341 and you are correct that client credential is designed with server to server auth in mind. I am currently a bit occupied but it's on my schedule to get to the bottom of it. From what briefly read it seems that this is indeed a deviation of the standard. Edit: as a workaround you can take a look into our examples repo: https://github.com/node-oauth/node-oauth2-server-examples/blob/main/server2server/provider/model.js however I still think this should be addressed |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your quick response. It would be very helpful if this were implemented in the future, as intended in the docs :) |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
As I understand the OAuth2 flow, the Client Credentials flow doesn't require a user, just a client (ClientId and ClientSecret). However, this package always requires a user because the Client Credentials Grant uses, among other things, the "getUserFromClient(client)" method (https://node-oauthoauth2-server.readthedocs.io/en/master/model/overview.html#client-credentials-grant). Have I misunderstood this, or does this package deviate from the OAuth2 specification?
Beta Was this translation helpful? Give feedback.
All reactions