FHIR Chat · The grant_type in the Client Credential flow · smart

Stream: smart

Topic: The grant_type in the Client Credential flow


B Stibbe (Feb 08 2021 at 15:53):

Hello,

I want to use the Client Credentials Flow Diagram to get an access token from the Authorization Server.
Further, I want to use the client secret JWT flow as described in section 9 (Client Authentication) of https://openid.net/specs/openid-connect-core-1_0.html#OAuth.JWT

So my token request to the Authorization Server is something like:
POST /oauthuri/token
Accept: application/json
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=appId
&client_assertion=Signed_JWT_WITH_client_secret
&client_assertion_type="urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

My question is: is the grant_type correct, or should I use grant_type=authorization_code?

The response should be something, like:
{
"access_token":"dtJraWQiCiJ1rdG.eyJhenDdiJteS1j.THfffuX7Ly4g",
"token_type":"bearer",
"expires_in":59,
"scope":"system/ResourceType.*"
}

Michele Mottini (Feb 08 2021 at 16:00):

client_credentials is the correct grant type. The request should also specify the requested scopes. No double quotes in the client_assertion_type value. Values should be URL-encoded.

Michele Mottini (Feb 08 2021 at 16:01):

See http://hl7.org/fhir/uv/bulkdata/authorization/index.html#3-obtain-an-access-token
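The exchange discussed in this thread, as an added example that is not part of the original posts, of the OpenID Connect spec, or of the HL7 bulk data guide: the client builds a client_secret_jwt assertion (HS256 over the shared secret, as the first post asks for), sends it with grant_type=client_credentials, the bare urn:...:jwt-bearer assertion type, a scope, and proper form encoding; the token endpoint then performs the checks it must make before issuing a token. The client id, secret and token endpoint URL are constructed values. One caveat worth knowing before copying this into a SMART deployment: the bulk data authorization guide linked above specifies private_key_jwt with asymmetric RS384/ES384 keys rather than an HMAC over a client secret, so there the signing and verification steps below would use the client's private key and registered public key instead.

```python
import base64
import hashlib
import hmac
import json
import uuid
from urllib.parse import parse_qs, urlencode

# Constructed sample values for this example; not from the original thread.
CLIENT_ID = "appId"
CLIENT_SECRET = "constructed-shared-secret-for-the-example"
TOKEN_ENDPOINT = "https://authz.example.org/oauthuri/token"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_assertion(client_id, token_endpoint, client_secret, now, ttl=300):
    """client_secret_jwt (OIDC Core section 9): HS256 JWT with iss == sub == client_id,
    aud == the token endpoint, a short lifetime and a unique jti."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": str(uuid.uuid4()), "iat": now, "exp": now + ttl}
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def build_token_request_body(client_id, assertion, scope):
    """Form body for POST /token. urlencode does the escaping (the colons in the
    URN become %3A); the assertion type is sent bare, without quotes."""
    return urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_assertion_type": JWT_BEARER,
                      "client_assertion": assertion, "scope": scope})


def verify_client_assertion(body, expected_client_id, token_endpoint, client_secret, now, seen_jti):
    """Checks the token endpoint must make before issuing an access token.
    Returns the granted client_id and scope, or raises ValueError."""
    form = parse_qs(body, strict_parsing=True)
    if form.get("grant_type") != ["client_credentials"]:
        raise ValueError("unsupported grant_type")
    if form.get("client_id", [expected_client_id]) != [expected_client_id]:
        raise ValueError("client_id mismatch")
    if form.get("client_assertion_type") != [JWT_BEARER]:
        raise ValueError("bad client_assertion_type")
    parts = form.get("client_assertion", [""])[0].split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h, c, s = parts
    if json.loads(b64url_decode(h)).get("alg") != "HS256":  # refuse alg=none and the like
        raise ValueError("unexpected alg")
    expected = hmac.new(client_secret.encode(), f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c))
    if claims.get("iss") != expected_client_id or claims.get("sub") != expected_client_id:
        raise ValueError("iss/sub mismatch")
    if claims.get("aud") != token_endpoint:
        raise ValueError("aud is not this token endpoint")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("assertion expired")
    if claims.get("jti") in seen_jti:  # one-time use: a captured assertion cannot be replayed
        raise ValueError("replayed jti")
    seen_jti.add(claims["jti"])
    return {"client_id": expected_client_id, "scope": form.get("scope", [""])[0]}


def token_endpoint_outcome(body, now, secret=CLIENT_SECRET, seen_jti=None):
    """Convenience wrapper: 'ok <scope>' on success, otherwise the rejection reason."""
    try:
        granted = verify_client_assertion(body, CLIENT_ID, TOKEN_ENDPOINT, secret, now,
                                          seen_jti if seen_jti is not None else set())
        return "ok " + granted["scope"]
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is reproducible
    assertion = make_client_assertion(CLIENT_ID, TOKEN_ENDPOINT, CLIENT_SECRET, now)
    body = build_token_request_body(CLIENT_ID, assertion, "system/Patient.read")
    print(body)
    print(token_endpoint_outcome(body, now + 1))
```

Running the module prints the encoded form body and then "ok system/Patient.read". The verification order matters: the algorithm is pinned before the signature is checked, the signature is checked before any claim is trusted, and jti is recorded only after everything else passes, so a rejected assertion does not consume its jti.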


Last updated: Apr 12 2022 at 19:14 UTC