Support for Resource Owner Password Credentials flow
marcstern opened this issue · 2 comments
marcstern commented
This is a feature request.
If you have an application (like a scheduled job) that has no real (human) user, but needs to connect to your application, the Authorization Code Grant flow cannot be used (unless you hard-code the full authentication flow, which could change at any time).
The ROPC flow is the only way to go I'm afraid.
It would be rather easy to support the ROPC flow. At least one implementation of it.
Here is one working proposal, some variations may be imagined:
- We set OIDCResponseType to "client_credentials"
- The client sends each request with a usual Basic Authentication header (Authorization: b64{user:password})
- When the directive OIDCResponseType is set to "client_credentials", mod_auth_openidc grabs user & password from the header and sends a ROPC-compatible request to the token endpoint (and removes the Authorization header)
- The result can be used as usual
It seems that simple, no?
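Added example (not code from this issue or from mod_auth_openidc) of the translation step the proposal describes: parse the Basic Authentication header, build the RFC 6749 section 4.3 `grant_type=password` token request, and strip the header before forwarding. The token endpoint, client_id and client_secret are placeholders, and the sample request is constructed; the OAuth 2.0 Security BCP discourages ROPC because the client handles the user's password directly.

```python
import base64
import binascii
from urllib.parse import urlencode

# Constructed sample request as the proposal describes it: a scheduled job
# sending "Authorization: Basic b64(user:password)" ("alice:s3cret" here).
SAMPLE_HEADERS = {
    "Host": "app.example.com",
    "Authorization": "Basic YWxpY2U6czNjcmV0",
}

# Hypothetical OP token endpoint and client settings (placeholders).
TOKEN_ENDPOINT = "https://op.example.com/token"
CLIENT_ID = "scheduled-job"
CLIENT_SECRET = "client-secret-placeholder"


def parse_basic_auth(header_value):
    """Return (user, password) from a 'Basic b64(user:password)' value, else None."""
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first ':' separates user and password; the password may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def build_ropc_request(headers):
    """Turn the Basic credentials into an ROPC token request (RFC 6749 section 4.3).

    Returns (token_endpoint, form_body, forwarded_headers); the Authorization
    header is removed so the password never reaches the protected application.
    """
    creds = parse_basic_auth(headers.get("Authorization", ""))
    if creds is None:
        raise ValueError("no usable Basic credentials in request")
    user, password = creds
    body = urlencode({
        "grant_type": "password",
        "username": user,
        "password": password,
        "client_id": CLIENT_ID,       # client_secret_post style client auth (assumed)
        "client_secret": CLIENT_SECRET,
        "scope": "openid",
    })
    forwarded = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    return TOKEN_ENDPOINT, body, forwarded
```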
github-actions commented
marcstern commented
What's the problem with my feature request? Why was it rejected by the bot?