nginxinc/nginx-openid-connect

Add support for OAuth2 client-credentials flow


The current implementation makes the assumption that the authorization code flow is in use.

My feature request is to integrate the OAuth2 client-credentials flow to achieve machine-to-machine communication. The idea would be to replicate what has already been done for OIDC: standard implementation, caching features shared across HA NGINX instances (please see the end of this description) and suggested advanced NGINX settings out of the box. This means having a standardized implementation of RFC 6749 for the above-mentioned grant type (i.e. client-credentials), where NGINX Plus is configured as a relying party.

In the given scenario, the use case is therefore the following:

The client_id and client_secret are inserted by the client application in the request payload and submitted to NGINX for the purposes of requesting a new access token. Caching of the access token is done by the application itself, which requires NGINX to issue a new token when the old one expires in the application's internal cache. Either way, NGINX might cache the access token too if you deem it necessary.
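
The application side of the use case above, as an added example that is not part of the original issue and not code from nginx-openid-connect: it builds the RFC 6749 section 4.4.2 token request with the credentials in the payload and reuses the token until shortly before it expires. The `TOKEN_PATH` location, the injected `post` transport and all function names are assumptions made for illustration.

```javascript
// Added example, not code from nginx-openid-connect. TOKEN_PATH and the
// injected `post` transport are assumptions made for illustration.
const TOKEN_PATH = "/oauth2/token"; // hypothetical NGINX location
const SKEW_MS = 30 * 1000;          // refresh slightly before expiry

// RFC 6749 section 4.4.2 access token request, with the client credentials
// carried in the form-encoded body as the use case describes.
function buildTokenRequest(clientId, clientSecret, scope) {
  const form = new URLSearchParams({ grant_type: "client_credentials",
    client_id: clientId, client_secret: clientSecret });
  if (scope) form.set("scope", scope);
  return { method: "POST", path: TOKEN_PATH,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString() };
}

// Turn a token endpoint response into a cache entry, or throw on an error.
// The error text carries only the server's error code, never the secret.
function parseTokenResponse(status, text, nowMs) {
  let json;
  try { json = JSON.parse(text) || {}; } catch (e) { json = {}; }
  if (status !== 200 || typeof json.access_token !== "string") {
    throw new Error("token request failed: " + (json.error || "HTTP " + status));
  }
  // expires_in is optional in RFC 6749; without it the token is not reused.
  const ttlMs = Number.isFinite(json.expires_in) ? json.expires_in * 1000 : 0;
  return { token: json.access_token, expiresAt: nowMs + ttlMs };
}

// Application-side cache: request a new token only when the cached one is
// missing or about to expire. Concurrent callers share one in-flight request.
function createTokenCache(post, clientId, clientSecret, scope, now = Date.now) {
  let entry = null, pending = null;
  return async function getToken() {
    if (entry && now() < entry.expiresAt - SKEW_MS) return entry.token;
    if (!pending) {
      pending = post(buildTokenRequest(clientId, clientSecret, scope))
        .then((res) => {
          entry = parseTokenResponse(res.status, res.text, now());
          return entry.token;
        })
        .finally(() => { pending = null; });
    }
    return pending;
  };
}
```

`post` is expected to send the request over TLS and resolve to `{ status, text }`; a thin wrapper around `fetch` is enough.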