I am trying to use the client_credentials grant to authenticate apps so they can call the endpoints of other resource servers implemented with the Django REST framework.
As far as I understand, the token obtained at the /token endpoint of the authorization server is of the opaque type. This token is passed as a bearer token in the Authorization header of the requests made to the resource server. The resource server, in turn, calls the /introspection endpoint of the authorization server to validate that the token is still valid.
Instead of using the introspection endpoint with these opaque tokens, I would like to switch to JWT ID tokens, whose validity could be checked using their RS256 signature. I would also like to leverage the OIDC discovery mechanism to find the issuer's key.
In summary, what I think I need is the OIDC client_credentials grant. However, from the docs (https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#openid-connect-support), it seems it is not supported. So my question is: how could I implement this flow and obtain a JWT ID token using the client credentials grant?
Thanks a lot for your help!
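What the question is reaching for is the resource-server side of the picture: instead of a round trip to /introspection, the Django REST framework service fetches the issuer's discovery document, follows `jwks_uri`, selects the key by `kid`, checks the RS256 signature locally and then validates the claims. The example below is an added illustration and is not code from django-oauth-toolkit or from the original post. It assumes a constructed issuer (`https://auth.example.test`), a constructed audience, and embeds the discovery document and JWKS inline instead of fetching them over HTTPS; a fresh RSA key pair stands in for the authorization server's signing key. Note that what a resource server should consume is a JWT access token (`typ: at+jwt`, RFC 9068) rather than an ID token, which is addressed to the client, not the API.

```python
"""Local RS256 validation of a client_credentials access token.

Illustrative example, not django-oauth-toolkit code. Everything below is
constructed: ISSUER, AUDIENCE, the discovery document, the JWKS and the key pair.
In a real deployment the resource server fetches
ISSUER + "/.well-known/openid-configuration" and then discovery["jwks_uri"].
"""
import base64
import json
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

ISSUER = "https://auth.example.test"    # constructed issuer
AUDIENCE = "https://api.example.test"   # constructed: identifies this resource server


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def int_to_b64url(n: int) -> str:
    return b64url(n.to_bytes((n.bit_length() + 7) // 8, "big"))


# --- authorization-server side (constructed): signing key, discovery doc, JWKS ---
_PRIVATE_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
KID = "2024-key-1"  # constructed key id
_pub = _PRIVATE_KEY.public_key().public_numbers()
DISCOVERY = {"issuer": ISSUER, "jwks_uri": ISSUER + "/.well-known/jwks.json"}
JWKS = {"keys": [{"kty": "RSA", "kid": KID, "use": "sig", "alg": "RS256",
                  "n": int_to_b64url(_pub.n), "e": int_to_b64url(_pub.e)}]}


def issue_token(client_id: str, scope: str, ttl: int = 300, now=None) -> str:
    """Mint the kind of JWT the question wants /token to return for client_credentials."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "at+jwt", "kid": KID}
    claims = {"iss": ISSUER, "sub": client_id, "client_id": client_id, "aud": AUDIENCE,
              "scope": scope, "iat": now, "exp": now + ttl}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = _PRIVATE_KEY.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return signing_input + "." + b64url(sig)


# --- resource-server side: what replaces the /introspection round trip ---
def _jwk_to_public_key(jwk: dict):
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    return rsa.RSAPublicNumbers(e, n).public_key()


def verify_token(token: str, discovery=DISCOVERY, jwks=JWKS, now=None) -> dict:
    """Validate signature and claims locally; raise ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    # Pin the algorithm: never let header["alg"] choose the verifier ("none"/HS256 confusion).
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None:
        # Real code: re-fetch the JWKS from discovery["jwks_uri"] once (key rotation), then fail.
        raise ValueError("unknown kid")
    try:
        _jwk_to_public_key(key).verify(b64url_decode(s_b64), f"{h_b64}.{c_b64}".encode(),
                                       padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c_b64))
    if claims.get("iss") != discovery["issuer"]:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims


if __name__ == "__main__":
    tok = issue_token("app-123", "read")
    print(verify_token(tok))
```

The signature check comes before any claim is read, the algorithm is pinned rather than taken from the token header, and `iss`, `aud` and `exp` are all enforced; the trade-off versus introspection is that a revoked token stays valid until `exp`, so keep the lifetime short.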