Is there a reason you wouldn't want to use the access token to access these resources? That seems like it would be the optimal strategy.
Warren Parad
Founder, CTO
Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>.

On Wed, Mar 2, 2022 at 4:58 PM Nikos Fotiou <fot...@aueb.gr> wrote:

> Hi all,
>
> I am working on a use case where the Authorization Server and the Resource
> Server are the same entity. I would like to prevent clients from sharing
> their access tokens. I am wondering if requiring clients to include the
> "client secret" in the resource access request (in addition to the access
> token) is a valid strategy. This way clients would have to share their
> "client secret" in addition to the access token. Would that work?
>
> Best,
> Nikos
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth