client_credentials flow support?
juliussuominen opened this issue · 2 comments
Describe the problem you'd like to have solved
Just clarify this for myself: Does this package support the client_credentials flow? I haven't been able to configure the auth middleware to accept client_credentials access tokens received from a locally running OIDC provider implemented with oidc-provider. Authorization code flow seems to work as expected.
Describe the ideal solution
Get access token from OIDC provider /token endpoint, use (bearer) token for authenticating requests to a Node.js api protected by express-openid-connect.
Alternatives and current work-arounds
Implement a custom middleware using https://github.com/panva/node-openid-client.
Additional information, if any
N/A
Hi @juliussuominen - thanks for raising this
for authenticating requests to a Node.js api protected by express-openid-connect.
This SDK is for doing web sign-on. To protect an API with an access token - we recommend using https://github.com/auth0/node-oauth2-jwt-bearer
Great, thanks!