# talk-hydra
s
Hey! Is it possible to create a client that is public `--token-endpoint-auth-method none` but also have the `grant-type: client_credentials`? Currently when you create a new client with `--token-endpoint-auth-method none` you don’t get a `client-secret`. I guess this might be something you don’t want to do?
p
yes 🙂 we don't support resource owner password credentials (if that is what you tried to accomplish here) https://www.ory.sh/docs/hydra/faq#why-is-the-resource-owner-password-credentials-grant-not-supported
s
Hmm, I guess I’m after a different flow using `client_credentials`. I’m not interested in this case in making requests on behalf of a user, but instead in accessing the application’s own resources.
The case that I’m looking for is that I want users to authenticate the regular way using the `authorization_code` flow to let the app make requests on behalf of a user, but still use `client_credentials` to let the application itself make non-user requests to update some common resources. https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/ and not https://www.oauth.com/oauth2-servers/access-tokens/password-grant/
p
ah i see, so like a machine to machine type of account
you can still use the client_credentials flow for this, you just need to store the secret in a safe place (server-side rendered app) or native.
s
Exactly, but I’m looking for the case where the client for user auth is public, using `authorization_code` with PKCE without a secret, but also use some M2M auth on the backend using `client_credentials`. As you mention, it works fine when you can use a confidential client and use both id and secret, but for the public case no secret is generated when creating a client, so you are missing the information needed to go through with the `client_credentials` flow.
Doing some more reading, it looks like this is mostly unsupported, and when it works it’s in custom implementations. Thanks for the help!