nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0
454 stars 320 forks

is client_credentials flow supported? #131

Open swapnild2111 opened 4 years ago

swapnild2111 commented 4 years ago

Hello Team, I was trying to implement a service-to-service call via plugin authentication. I expect the plugin will use the client_credential grant flow and get me a bearer token which I will use to call the required service. There should not be any user interaction in the authentication process. It should be with client id & secret only.

Do you know if the plugin supports this behaviour? If yes, can you please help me configure it?

lyndon160 commented 4 years ago

client_credentials flow is managed by your OIDC server. When you've set this plugin up, you should just be able to use the token that you got from your OIDC server and this plugin will allow it.

mssaisandeep commented 4 years ago

How will it allow it? Can you just explain in detail? When I use client credentials I will get the id_token, access_token and refresh_token. But this plugin requires session and session_2 as cookies. I am confused. Can someone help me in understanding?

mtenmann commented 4 years ago

I am asking to see if I understand it correctly; the OIDC plugin supports all the authentication flows that the OIDC server provides? (My use case is from Kong to Keycloak with client credentials flow)

AnirudhaGohokar commented 2 years ago

You need to add introspection_endpoint if using the client_credential flow; otherwise it would try the authorization flow, which would call the authorize endpoint.
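
The exchange discussed in the replies above, as an added example that is not part of the thread or the plugin's own code: the calling service requests a token with the client_credentials grant (RFC 6749 section 4.4), and a gateway-side check validates the presented bearer token through token introspection (RFC 7662). The endpoint URLs, client names and the `accept` policy are assumptions for illustration.

```python
import base64
import json
from urllib.parse import urlencode

# Placeholder endpoints (assumptions for illustration, not from the thread).
TOKEN_ENDPOINT = "https://idp.example.com/token"
INTROSPECTION_ENDPOINT = "https://idp.example.com/introspect"
FORM = "application/x-www-form-urlencoded"


def basic_auth(client_id, client_secret):
    """HTTP Basic header value used to authenticate the client."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_request(client_id, client_secret, scope=None):
    """RFC 6749 4.4: the service asks for a token; no user, no redirect."""
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    headers = {"Authorization": basic_auth(client_id, client_secret),
               "Content-Type": FORM}
    return TOKEN_ENDPOINT, headers, urlencode(form)


def introspection_request(access_token, client_id, client_secret):
    """RFC 7662 2.1: the gateway asks the server whether the token is valid."""
    headers = {"Authorization": basic_auth(client_id, client_secret),
               "Content-Type": FORM}
    body = urlencode({"token": access_token, "token_type_hint": "access_token"})
    return INTROSPECTION_ENDPOINT, headers, body


def accept(introspection_body, now, required_scope=None):
    """Hypothetical gateway policy applied to the introspection response."""
    try:
        claims = json.loads(introspection_body)
    except ValueError:
        return False  # unparseable response: fail closed
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False  # "active" is the only member RFC 7662 requires
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False  # expired or malformed expiry
    scopes = str(claims.get("scope", "")).split()
    if required_scope and required_scope not in scopes:
        return False
    return True
```

The service sends the `access_token` from the token response as `Authorization: Bearer <token>` on each call through the gateway, so no session cookie is involved on this path.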