client_credential flow

[navid-shokri]

I am looking for the implementation of the client_credential OAuth2 flow in Owncloud to secure my machine-to-machine API calls.
In my Scenario, I have a worker service that interacts with Owncloud APIs but I need to protect the APIs from anonymous calls and force the callers to use an access token (JWT) for authentication and authorization.

[michaelstingl]

@navid-shokri did you consider App Passwords / Tokens?

• https://doc.owncloud.com/webui/next/classic_ui/personal_settings/security.html#app-passwords-tokens

[navid-shokri]

yes, I do. But it means I should assign a real user to my third-party application. and I should use a basic authorization header?
I was expecting there should be a more seamless and secure approach as OAuth client_credentials flow. 😞

[shokri-navid]

do you think it can be useful for others to implement the cient_credentials flow base on this RFC? it seems pretty easy.
https://datatracker.ietf.org/doc/html/rfc6749

[navid-shokri]

@phil-davis
Do you think contributing to this feature can be merged?