Improve authentication/authorization documention w/ examples about client credentials OAuth 2 flow #7493

fidgi · 2021-05-14T11:56:14Z

fidgi
May 14, 2021

Hi,

Current authentication/authorization documention is focused on the case where the principal is a user (e.g. the function verifyToken returns a UserProfile ) . It is not clear how to handle the case where the principal is an application as in the client credentials OAuth 2.0 flow.

Can this be improved ?

Regards,

raymondfeng · 2021-05-14T13:15:47Z

raymondfeng
May 14, 2021
Maintainer

I have a similar use case and here is my solution:

Register an authentication strategy that validates the client credentials
If successful, bind the application principal to the request context and return an Anonymous user profile

Ideally, we should allow a strategy to return a more generic object such as SecuritySubject, which can contain more than one principals (including application and user).

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Improve authentication/authorization documention w/ examples about client credentials OAuth 2 flow #7493

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Improve authentication/authorization documention w/ examples about client credentials OAuth 2 flow #7493

Uh oh!

fidgi May 14, 2021

Replies: 1 comment

Uh oh!

Uh oh!

raymondfeng May 14, 2021 Maintainer

fidgi
May 14, 2021

raymondfeng
May 14, 2021
Maintainer