From RFC6749: "The authorization server MAY accept any form of client authentication meeting its security requirements."
However, given a client query and a request object, the authlib.specs.rfc6749.authenticate_client.authenticate_client function tries to apply multiple authentication methods to the client, hoping that one of them will succeed. But the actual authentication method to use is not known and may be application specific.
I think that authentication should be delegated to the client itself (authlib.specs.rfc6749.models.ClientMixin) and developers will implement the correct authentication method depending on the type of client.
Common helpers can be provided through.
The design of authenticate_client is based on RFC7591, which will be implemented later. Each grant type can have its own client authentication methods, e.g.
authorization_code accepts confidential clients and public clients
implicit accepts only public clients
others accept only confidential clients
If you take a look into grants, you will find that there is a TOKEN_ENDPOINT_AUTH_METHODS. If you need to design another means of authentication, you can register_authenticate_method and use this method in each grant type.
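The trade-off discussed in this thread, as an added example that is not Authlib code and not part of either comment: a per-grant allow-list of authentication methods combined with a check against the method registered for the client (the RFC 7591 `token_endpoint_auth_method` metadata), so that a confidential client cannot be accepted through a weaker method. `Client`, `CLIENTS`, `AUTH_METHODS`, `GRANT_AUTH_METHODS` and this `authenticate_client` are hypothetical names, and the client records are constructed sample data.

```python
import base64
import hmac
from dataclasses import dataclass

@dataclass
class Client:                          # hypothetical client record
    client_id: str
    client_secret: str                 # empty for public clients
    token_endpoint_auth_method: str    # RFC 7591 metadata value

CLIENTS = {                            # constructed sample data
    "web": Client("web", "s3cret", "client_secret_basic"),
    "spa": Client("spa", "", "none"),
}

def _basic(headers, form):
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        cid, _, secret = base64.b64decode(value).decode().partition(":")
    except ValueError:                 # bad base64 or non-UTF-8 bytes
        return None
    return cid, secret

def _post(headers, form):
    ok = "client_id" in form and "client_secret" in form
    return (form["client_id"], form["client_secret"]) if ok else None

def _none(headers, form):
    ok = "client_id" in form and "client_secret" not in form
    return (form["client_id"], "") if ok else None

AUTH_METHODS = {"client_secret_basic": _basic,
                "client_secret_post": _post, "none": _none}
GRANT_AUTH_METHODS = {                 # which methods each grant accepts
    "authorization_code": ["client_secret_basic", "client_secret_post", "none"],
    "client_credentials": ["client_secret_basic", "client_secret_post"],
}

def authenticate_client(grant_type, headers, form):
    for name in GRANT_AUTH_METHODS.get(grant_type, []):
        creds = AUTH_METHODS[name](headers, form)
        if creds is None:
            continue                   # request does not use this method
        client = CLIENTS.get(creds[0])
        # Fail closed if the method differs from the one registered for the client.
        if client is None or client.token_endpoint_auth_method != name:
            return None
        if name != "none" and not hmac.compare_digest(
                client.client_secret.encode(), creds[1].encode()):
            return None
        return client
    return None
```
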