The client making OAuth2 authenticated requests to Joinup could be a webserver. In this case the client's app can keep a secret, so Client Credentials fits as the grant type of the client/consumer. But if the client is making requests from a native phone app or a front-end JavaScript app (like an SPA), we're in a scenario where the client's app cannot keep a secret. As we cannot make assumptions about the type of the client, we also have to offer the option to create clients/consumers using the Authorization Code grant type.
In "Use a custom content entity type to store the request" we've created a bundleless oauth_client_request entity type. For the sake of simplicity we've considered that an OAuth2 scope is enough to preconfigure a client/consumer. The problem is that the approach only works for clients/consumers that are using the Client Credentials grant type. The Authorization Code grant type also requires other information that is not part of the scope. It seems that we need to store all information in a different kind of object that contains the scope plus the other information needed for Authorization Code.
That object, containing preconfigured clients, could be the bundle of the oauth_client_request entity.
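As an added illustration (not code from this issue or from the Joinup project), the following PHP example validates a preconfigured client preset and shows why a scope alone cannot describe an Authorization Code client. The field names are hypothetical; the redirect URI and PKCE requirements are assumptions taken from RFC 6749 and RFC 7636, not from this issue.

```php
<?php
declare(strict_types=1);
// Field names are hypothetical, not the module's schema.
function validate_client_preset(array $preset): array {
  $errors = [];
  $grant = $preset['grant_type'] ?? '';
  $confidential = (bool) ($preset['confidential'] ?? FALSE);
  if (empty($preset['scopes'])) {
    $errors[] = 'At least one scope is required.';
  }
  if ($grant === 'client_credentials') {
    // Only a client that can keep a secret (e.g. a web server) fits this grant.
    if (!$confidential) {
      $errors[] = 'client_credentials requires a confidential client.';
    }
  }
  elseif ($grant === 'authorization_code') {
    $uris = $preset['redirect_uris'] ?? [];
    if (!$uris) {
      $errors[] = 'authorization_code requires at least one redirect URI.';
    }
    foreach ($uris as $uri) {
      $parts = parse_url($uri);
      // RFC 6749 section 3.1.2: absolute URI without a fragment.
      if ($parts === FALSE || empty($parts['scheme']) || isset($parts['fragment'])) {
        $errors[] = "Invalid redirect URI: $uri";
      }
    }
    // A public client (native app, SPA) holds no secret, so require PKCE.
    if (!$confidential && empty($preset['pkce'])) {
      $errors[] = 'Public authorization_code clients must enable PKCE.';
    }
  }
  else {
    $errors[] = "Unsupported grant type: $grant";
  }
  return $errors;
}
// Constructed sample presets.
$presets = [
  'server' => ['grant_type' => 'client_credentials', 'scopes' => ['api'], 'confidential' => TRUE],
  'spa' => ['grant_type' => 'authorization_code', 'scopes' => ['api'], 'confidential' => FALSE,
    'redirect_uris' => ['https://app.example/callback'], 'pkce' => TRUE],
  'misconfigured' => ['grant_type' => 'client_credentials', 'scopes' => ['api'], 'confidential' => FALSE],
];
foreach ($presets as $name => $preset) {
  echo $name, ': ', implode(' ', validate_client_preset($preset)) ?: 'ok', PHP_EOL;
}
```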
Needs work
1.0
Code