Password flow and client credentials flow with AcceptAnonymousClients
dgxhubbard opened this issue · comments
Confirm you've already contributed to this project or that you sponsor it
- I confirm I'm a sponsor or a contributor
Version
4.x
Question
I have and an identity provider working with openiddict. The provider allows authorization, password and client credentials flow:
options
.AllowAuthorizationCodeFlow ()
.AllowPasswordFlow ()
.AllowRefreshTokenFlow ()
.AllowClientCredentialsFlow ();
From Hollastin sample for password flow the provider also allows anonymous clients.
// Accept anonymous clients (i.e clients that don't send a client_id).
options.AcceptAnonymousClients();
Will this produce any problems with client credentials where a client id is required?
It seems to work fine but I wanted to double check.
Will this produce any problems with client credentials where a client id is required?
The client credentials grant always requires client authentication and options.AcceptAnonymousClients()
has no effect on this specific grant: if you don't send a client_id
, you'll get an error.
Thank you for the help.
Doing some housecleaning but as always, feel free to reopen if additional details are needed 👍🏻
Thanks for the help Kevin!