I am not aware of the use cases where the client credentials flow is used for authenticating anything, but a client. But the flow is used for authorizing access to the resources other than those owned by a client.
>From OAuth2.0 -05.txt: The client credentials flow is used when the client acts on behalf of itself (the client is the resource owner), or when the client credentials are used to obtain an access token representing a previously established access authorization. I am for the initial proposal to replace "none". Zachary -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eran Hammer-Lahav Sent: Friday, July 16, 2010 6:27 PM To: Brian Eaton Cc: OAuth WG Subject: Re: [OAUTH-WG] Change grant_type="none" to something less confusing The client authentication can be used to retrieve a grant previously arranged. While the grant is linked to the client, it is not always about the client's resources. Calling it 'client' implies it is about the client's resources. EHL On Jul 16, 2010, at 18:19, Brian Eaton <[email protected]> wrote: > On Fri, Jul 16, 2010 at 2:25 PM, Eran Hammer-Lahav <[email protected]> > wrote: >> External, out-of-band, implicit. >> >> It cannot be client because that is not always the case. > > Can you point to a use case where someone is going to use the client > password flow to authenticate something besides a client? > > Because I'm pretty sure that use case is crazy, and can safely be ignored. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
