[
https://issues.apache.org/jira/browse/FEDIZ-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved FEDIZ-172.
---------------------------------------
Resolution: Fixed
Assignee: Colm O hEigeartaigh
> OIDC DataProvider should support client_credentials clients
> ------------------------------------------------------------
>
> Key: FEDIZ-172
> URL: https://issues.apache.org/jira/browse/FEDIZ-172
> Project: CXF-Fediz
> Issue Type: Improvement
> Components: OIDC
> Reporter: Sergey Beryozkin
> Assignee: Colm O hEigeartaigh
> Fix For: 1.3.1
>
>
> OAuth2 Client Credentials (https://tools.ietf.org/html/rfc6749#section-4.4)
> is a simplest way for OAuth2 machine clients to request the access token.
> For example, instead of the machine client authenticating with STS first and
> then using the received assertion to authenticate against OAuth2
> AccessTokenService and use client_credentials to get an access token it is
> much simpler for such a client to simply authenticate directly with the
> AccessTokenService:
> https://tools.ietf.org/html/rfc6749#section-4.4.2
> In this case the step involving the client authenticating with STS will be
> done by AccessTokenService.
> Both approaches are equivalent but the latter is simpler for the client and
> makes the client code OAuth2-portable.
> Note the data provider will already support such clients if they have been
> pre-registered. However, pre-registering the clients to support their
> authentication in cases when their data already exist in Syncope, LDAP, etc,
> can be unrealistic
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
