Add IsTrusted to Client

Question

Add IsTrusted to Client

alexandrevicenzi opened this issue 8 years ago · 4 comments

It would be nice to have an easy way to validate if a Client is a trusted client. Trusted clients are user for grant type password.

The Client interface could have a method to allow to check if the current client is trusted.

I know that this will break almost all users that use osin and all storages implementations.

Answer 1 · 2020-08-26T03:34:39.000Z

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

Answer 2 · 2020-08-26T08:04:28.000Z

/lifecycle frozen

Answer 3 · 2021-01-15T10:30:35.000Z

/close
There is no concept of "trusted clients" in OAuth2. There are only confidential and public clients. OAuth2.1 drafts what some call "credentialed client", but that's still very far away from what you're proposing.

RFC terms aside, the password grant has been frowned upon by the BCPs for a long time now, I don't see a reason to try to pursue any new functionality around it.

Answer 4 · 2021-01-15T10:30:51.000Z

@stlaz: Closing this issue.

In response to this:

/close
There is no concept of "trusted clients" in OAuth2. There are only confidential and public clients. OAuth2.1 drafts what some call "credentialed client", but that's still very far away from what you're proposing.

RFC terms aside, the password grant has been frowned upon by the BCPs for a long time now, I don't see a reason to try to pursue any new functionality around it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.