OAuth machine to machine communication

Is it necessary to use OAuth if the communication is exclusively machine to machine? Right now, I am using IP restriction plus a private key.

It is nice to keep your authentication frameworks consistent across applications deployed in the same infrastructure.

Therefore, if you are already using OAuth 2.0 somewhere in your environment, taking advantage of the client credentials grant can be advantageous for server-to-server calls to still be authenticated using the same framework but not requiring any user during the authorization flow.

The flow is quite simple:

  1. Make a POST request from the client application to the authorization server

         POST https://api.oauth2server.com/token
         grant_type=client_credentials&
         client_id=CLIENT_ID&
         client_secret=CLIENT_SECRET

  2. Receive the OAuth token response containing an access_token and refresh token

         {
           "access_token":"2YotnFZFEjr1zCsicMWpAA",
           "token_type":"example",
           "expires_in":3600,
           "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
           "example_parameter":"example_value"
         }
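
A client-side sketch of the two steps above, added here as an example and not part of the original answer: it sends the credentials in the form body as the request above does, refuses a non-HTTPS token endpoint, validates the response, and reuses the token until shortly before `expires_in` runs out. The names `TokenCache`, `http_fetch` and the 30-second `skew` are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request


def build_token_request(token_url, client_id, client_secret):
    """Build the client-credentials POST; the secret goes in the body, never the URL."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def parse_token_response(raw, now):
    """Return (access_token, absolute_expiry) or raise on a malformed response."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or not isinstance(doc.get("access_token"), str):
        raise ValueError("response has no access_token")
    ttl = doc.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
        raise ValueError("response has no usable expires_in")
    return doc["access_token"], now + ttl


class TokenCache:
    """Reuse a token until shortly before it expires, then request a new one."""
    def __init__(self, fetch, skew=30, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expiry = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expiry - self._skew:
            self._token, self._expiry = parse_token_response(self._fetch(), now)
        return self._token


def http_fetch(token_url, client_id, client_secret):
    """Return a fetch callable for TokenCache that performs the real HTTPS call."""
    def fetch():
        req = build_token_request(token_url, client_id, client_secret)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()
    return fetch
```

In a service, `TokenCache(http_fetch(url, client_id, client_secret)).get()` supplies the bearer value for each outgoing call, with the secret read from a secret store rather than source code.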
