You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A client-credentials client is a natural fit for running a service that should not be operated on behalf of a specific member of the VO. A potential downside is that such a client cannot be added to any group and can hence cannot obtain tokens containing group information that might be desirable or required for certain use cases.
Tokens requested by such a service might then need to have group notions expressed through capabilities listed in scopes, which may be deemed awkward at best.
A workaround is to define a service user in the VO and log in as that user to approve a device-flow client that then can be used by the service in question.
Should group memberships also be supported for client-credential clients?
The text was updated successfully, but these errors were encountered:
A client-credentials client is a natural fit for running a service that should not be operated on behalf of a specific member of the VO. A potential downside is that such a client cannot be added to any group and can hence cannot obtain tokens containing group information that might be desirable or required for certain use cases.
Tokens requested by such a service might then need to have group notions expressed through capabilities listed in scopes, which may be deemed awkward at best.
A workaround is to define a service user in the VO and log in as that user to approve a device-flow client that then can be used by the service in question.
Should group memberships also be supported for client-credential clients?
The text was updated successfully, but these errors were encountered: