Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2016/07/27 09:01:20 UTC

[jira] [Updated] (FEDIZ-172) OIDC DataProvider should support client_credentials clients

     [ https://issues.apache.org/jira/browse/FEDIZ-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin updated FEDIZ-172:
-----------------------------------
    Description: 
OAuth2 Client Credentials (https://tools.ietf.org/html/rfc6749#section-4.4) is the simplest way for OAuth2 machine clients to request the access token.

For example, instead of the machine client authenticating with STS first and then using the received assertion to authenticate against OAuth2 AccessTokenService and use client_credentials to get an access token, it is much simpler for such a client to simply authenticate directly with the AccessTokenService:

https://tools.ietf.org/html/rfc6749#section-4.4.2

In this case the step involving the client authenticating with STS will be done by AccessTokenService.

Both approaches are equivalent but the latter is simpler for the client and makes the client code OAuth2-portable.

Note the data provider will already support such clients if they have been pre-registered. However, pre-registering the clients to support their authentication in cases when their data already exist in Syncope, LDAP, etc., can be unrealistic.

  was:
OAuth2 Client Credentials (https://tools.ietf.org/html/rfc6749#section-4.4) is the simplest way for OAuth2 machine clients to request the access token.

For example, instead of the machine client authenticating with STS first and then using the received assertion to authenticate against OAuth2 AccessTokenService and use client_credentials to get an access token, it is much simpler for such a client to simply authenticate directly with the AccessTokenService:

https://tools.ietf.org/html/rfc6749#section-4.4.2

In this case the step involving the client authenticating with STS will be done by AccessTokenService.

Both approaches are equivalent but the latter is simpler for the client and makes the client code OAuth2-portable.


> OIDC DataProvider should support client_credentials clients 
> ------------------------------------------------------------
>
>                 Key: FEDIZ-172
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-172
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: OIDC
>            Reporter: Sergey Beryozkin
>             Fix For: 1.3.1
>
>
> OAuth2 Client Credentials (https://tools.ietf.org/html/rfc6749#section-4.4) is the simplest way for OAuth2 machine clients to request the access token.
> For example, instead of the machine client authenticating with STS first and then using the received assertion to authenticate against OAuth2 AccessTokenService and use client_credentials to get an access token, it is much simpler for such a client to simply authenticate directly with the AccessTokenService:
> https://tools.ietf.org/html/rfc6749#section-4.4.2
> In this case the step involving the client authenticating with STS will be done by AccessTokenService.
> Both approaches are equivalent but the latter is simpler for the client and makes the client code OAuth2-portable.
> Note the data provider will already support such clients if they have been pre-registered. However, pre-registering the clients to support their authentication in cases when their data already exist in Syncope, LDAP, etc., can be unrealistic.



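A sketch of the token-endpoint behaviour the issue asks for, added here as an illustration and not taken from Fediz or CXF: a client_credentials request (RFC 6749 section 4.4.2) is checked against pre-registered clients first, and only an unregistered client is authenticated against an external store. The names REGISTERED, EXTERNAL_STORE, external_authenticate and token_request and all sample credentials are assumptions constructed for this example.

```python
import base64, hmac, secrets
from urllib.parse import unquote_plus

# Constructed sample data. REGISTERED: clients pre-registered with the OAuth2 server.
REGISTERED = {"batch-job": "s3cret-registered"}
# EXTERNAL_STORE: hypothetical stand-in for an identity store such as STS, Syncope or LDAP.
EXTERNAL_STORE = {"ldap-svc": "s3cret-ldap"}

def same(a, b):
    """Constant-time comparison so secret checks do not leak timing."""
    return hmac.compare_digest(a.encode(), b.encode())

def external_authenticate(client_id, secret):
    """Hypothetical hook: the token service authenticates on the client's behalf."""
    expected = EXTERNAL_STORE.get(client_id)
    return expected is not None and same(expected, secret)

def parse_basic(header):
    """Return (client_id, secret) from an HTTP Basic header, or None if malformed."""
    scheme, _, value = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    client_id, sep, secret = decoded.partition(":")
    if not sep or not client_id:
        return None
    # RFC 6749 section 2.3.1: both parts are form-urlencoded before Basic encoding.
    return unquote_plus(client_id), unquote_plus(secret)

def token_request(authorization, form):
    """Handle an RFC 6749 section 4.4.2 token request; returns (status, body)."""
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    creds = parse_basic(authorization)
    if creds is None:
        return 401, {"error": "invalid_client"}
    client_id, secret = creds
    if client_id in REGISTERED:
        # A registered client never falls through to the external store.
        ok = same(REGISTERED[client_id], secret)
    else:
        ok = external_authenticate(client_id, secret)
    if not ok:
        return 401, {"error": "invalid_client"}
    return 200, {"access_token": secrets.token_urlsafe(32),
                 "token_type": "Bearer", "expires_in": 3600}
```

Registered clients take precedence, so a wrong secret for a registered client_id is rejected without consulting the external store.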