
`client_credential` flow

Open navid-shokri opened this issue 2 years ago • 4 comments

I am looking for the implementation of the client_credential OAuth2 flow in ownCloud to secure my machine-to-machine API calls. In my scenario, I have a worker service that interacts with ownCloud APIs, but I need to protect the APIs from anonymous calls and force the callers to use an access token (JWT) for authentication and authorization.

navid-shokri, May 22 '23 16:05

@navid-shokri Did you consider App Passwords / Tokens?

  • https://doc.owncloud.com/webui/next/classic_ui/personal_settings/security.html#app-passwords-tokens

michaelstingl, May 23 '23 13:05

Yes, I do. But it means I should assign a real user to my third-party application, and I should use a basic authorization header? I was expecting there should be a more seamless and secure approach, such as the OAuth client_credentials flow. :disappointed:

navid-shokri, May 24 '23 13:05

Do you think it can be useful for others to implement the client_credentials flow based on this RFC? It seems pretty easy. https://datatracker.ietf.org/doc/html/rfc6749

shokri-navid, May 24 '23 14:05

@phil-davis Do you think a contribution of this feature could be merged?

navid-shokri, May 25 '23 11:05