New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resource Owner Password Credential Grant Interception Script #230

Open
yurem opened this Issue May 25, 2016 · 3 comments

Comments

Projects
None yet
4 participants
@yurem
Contributor

yurem commented May 25, 2016

This interception script would provide a way to customize back channel authentication.

@yurem yurem added the enhancement label May 25, 2016

@yurem yurem added this to the CE 2.4.5 milestone May 25, 2016

@yurem yurem self-assigned this May 25, 2016

@mzico mzico changed the title from Suuport interceptor scrpts with 'service' type in Owner Password Credentials Grant to Suport interceptor scrpts with 'service' type in Owner Password Credentials Grant May 25, 2016

@mzico mzico changed the title from Suport interceptor scrpts with 'service' type in Owner Password Credentials Grant to Support interceptor scrpts with 'service' type in Owner Password Credentials Grant May 25, 2016

@nynymike nynymike changed the title from Support interceptor scrpts with 'service' type in Owner Password Credentials Grant to Support interceptor scripts with 'service' type in Resource Owner Password Credential Grant May 25, 2016

@nynymike

This comment has been minimized.

Contributor

nynymike commented May 25, 2016

This would be convenient.

@nynymike nynymike modified the milestones: CE 3.1.0, CE 3.0.0 Nov 29, 2016

@nynymike nynymike modified the milestones: 3.2.0, CE 3.1.0 Apr 7, 2017

@nynymike

This comment has been minimized.

Contributor

nynymike commented Apr 7, 2017

I'm moving this to 3.2. It could be convenient, but exposing the secret to the client is a bad thing, in general.

@nynymike nynymike changed the title from Support interceptor scripts with 'service' type in Resource Owner Password Credential Grant to Resource Owner Password Credential Grant Interception Script Apr 7, 2017

@willow9886 willow9886 modified the milestones: 3.2.0, CE 3.2.0 Apr 10, 2017

@nynymike nynymike modified the milestones: 3.2.0, 3.1.4 May 30, 2018

@yurem

This comment has been minimized.

Contributor

yurem commented Jun 5, 2018

It's 2 years old issue. And I'm not sure that it's actual since we not implemented it already.

This grant type is not very popular.In this flow RP asks user for password and send it directly to RS
As far as I remember it uses endpoint without browser to get token.
The only one place which we can cover with scripts here is user and client password validation. oxAuth can call script with service type to validate user/password and client/password

@nynymike nynymike closed this Jun 5, 2018

@nynymike nynymike reopened this Oct 5, 2018

@nynymike nynymike modified the milestones: 3.1.4, 3.1.5 Oct 5, 2018

@nynymike nynymike assigned qbert2k and unassigned yurem Oct 23, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment