DuendeSoftware / Support

Support for Duende Software products

Authentication From Hardware Device #1376

Open ZackDevAct opened 3 weeks ago

ZackDevAct commented 3 weeks ago

Which version of Duende IdentityServer are you using? 6.0.4

Which version of .NET are you using? .net core 7

Describe the bug: I have a C# web API that uses Duende.IdentityServer. I have a React.js SPA front end that hits endpoints in the web API. The frontend has a login page, which allows users to enter UN / PW. Once they authenticate, the user is successfully able to access secured endpoints from the backend API (endpoints with the "Authorize" attribute).

I also have headless hardware devices that need to get data from the same API. The code running on the devices is written in Python 3. Each hardware device has a unique serial number. I am able to provide each device a unique password. My plan is to create a new User for each one of my devices (similar to the "Register" workflow in the React application) using the serial number as the user name, and the unique password as the password. I would like to be able to get an access token that I can pass to my web API to authenticate the device, but am unable to figure out how to go about it. Any guidance is appreciated.

RolandGuijt commented 2 weeks ago

In machine-to-machine scenarios like this, using the client credentials flow is recommended. In IdentityServer's configuration, create a client for each device with a client ID and client secret, setting AllowedGrantTypes to client credentials while allowing the correct API scope. On the device, in Python, you can then either use a library that takes care of doing the request to the token endpoint to get the access token, providing the scope, or do the request manually. Client credentials flow is described here in 4.4.
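Added example, not part of the thread and not Duende's code: the manual token request from the comment above, written for Python 3 with only the standard library. The authority URL, client ID, secret, scope name and API URL are placeholders, and the `/connect/token` path and the use of HTTP Basic client authentication are assumptions about how the server is set up.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed values: the authority URL, client id, secret and scope used with
# these functions are placeholders, not taken from the issue.
TOKEN_URL = "https://identity.example.com/connect/token"


def build_token_request(token_url, client_id, client_secret, scope):
    """Build the client credentials token request (RFC 6749 section 4.4)."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https; the secret is sent to it")
    # HTTP Basic client authentication; id and secret are form-encoded first.
    pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(token_url, data=body.encode(), headers=headers, method="POST")


def parse_token_response(raw, now=None):
    """Return (access_token, expiry as epoch seconds) or raise ValueError."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError("token endpoint refused the client: " + str(doc["error"]))
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer access token")
    now = time.time() if now is None else now
    # Renew 30 seconds early so a token never expires while a call is in flight.
    return doc["access_token"], now + int(doc.get("expires_in", 0)) - 30


def get_access_token(client_id, client_secret, scope, token_url=TOKEN_URL):
    """Request a token; HTTP errors such as 400 invalid_client raise HTTPError."""
    req = build_token_request(token_url, client_id, client_secret, scope)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())


def authorized_request(api_url, access_token):
    """Attach the token as a bearer credential for an [Authorize] endpoint."""
    return urllib.request.Request(api_url, headers={"Authorization": "Bearer " + access_token})
```

The device keeps the returned token and expiry in memory and calls `get_access_token` again only once the expiry has passed, so the client secret crosses the network as rarely as possible.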

RolandGuijt commented 3 days ago

@ZackDevAct Do you have enough information for your scenario? If so, I would like to close the issue. If not, feel free to add to it, of course.