Client Credential grant_type about grant HOT 8 CLOSED

Currently Grant supports only 3-legged server side flow. You can use the request module for grant_type: 'client_credentials'. Here is example for Twitter:

var request = require('request')
request.post('https://api.twitter.com/oauth2/token', {
  form: {
    client_id: '...',
    client_secret: '...',
    grant_type: 'client_credentials'
  },
  json: true
}, function (err, res, body) {/*body contains the credentials*/})

Let me know if it works for you.

from grant.

Thanks for your quick answer. I could successfully receive access_token with Request.

Simeon, I find that you are the author of Purest, which also uses request. So, when I use Purest, I can pass the access_code like this.

customProvider.query()
  .select('endpoint')
  .auth('access-token')
  .request(function (err, res, body) {});

from grant.

Yep, this is how you pass your credentials using the query API in Purest.

Let me know if you have any problems. Also I'll think about adding this type of flow. Closing this issue for now.

from grant.

Yes, adding 'client credentials' grant type would be awesome. I like your library because it structures API providers with endpoints. API request codes looks much cleaner.

from grant.

@kvslee I think adding support for grant_type:client_credentials will introduce security issue with the current implementation. If you are going to use this type of flow on your web server, you want to have some logic to ensure that the user is authorized to make such request.

Besides that I changed a few things in Purest (currently not on NPM), and actually I introduced a breaking change regarding the refresh method, which is no longer available. Take a look at the examples here on how to request various grant types.

Let me know what do you think.

from grant.

@simov I did not realize that I could use Purest to do client_credentials.Thanks for the example. And it is also nice to see that you added refresh_token grant type. I like the fact that oauth endpoint can be defined in the provider configuration. Are you going to publish the updates into NPM soon?

from grant.

Yes I'm going to release the new version soon, in about 2 days at most.

from grant.

@kvslee I just released version 1.2.0 of Purest, here is the changelog.

If you have any other issues regarding Purest, address them there.

Thanks for the feedback 👍

from grant.