Password flow and client credentials flow with AcceptAnonymousClients

Question

Password flow and client credentials flow with AcceptAnonymousClients

dgxhubbard opened this issue 9 months ago · comments

dgxhubbard commented 9 months ago

Confirm you've already contributed to this project or that you sponsor it

I confirm I'm a sponsor or a contributor

Version

4.x

Question

I have and an identity provider working with openiddict. The provider allows authorization, password and client credentials flow:

                        options
                            .AllowAuthorizationCodeFlow ()
                            .AllowPasswordFlow ()
                            .AllowRefreshTokenFlow ()
                            .AllowClientCredentialsFlow ();

From Hollastin sample for password flow the provider also allows anonymous clients.

                // Accept anonymous clients (i.e clients that don't send a client_id).
                options.AcceptAnonymousClients();

Will this produce any problems with client credentials where a client id is required?

It seems to work fine but I wanted to double check.

Kévin Chalet · Answer 1 · Thu Nov 16 2023 23:21:26 GMT+0800 (China Standard Time)

Will this produce any problems with client credentials where a client id is required?

The client credentials grant always requires client authentication and options.AcceptAnonymousClients() has no effect on this specific grant: if you don't send a client_id, you'll get an error.

dgxhubbard · Answer 2 · Sat Nov 18 2023 00:05:12 GMT+0800 (China Standard Time)

Thank you for the help.

Kévin Chalet · Answer 3 · Fri Dec 01 2023 16:49:47 GMT+0800 (China Standard Time)

Doing some housecleaning but as always, feel free to reopen if additional details are needed 👍🏻

dgxhubbard · Answer 4 · Sat Dec 02 2023 01:26:10 GMT+0800 (China Standard Time)

Thanks for the help Kevin!