OpenID Connect Client Credentials Flow with JSON Web Token (JWT) Bearer Token

Abstract

This document defines a Client Credentials flow for the OpenID Connect authorization grant process using a JWT Bearer Token. It follows the basic principles of JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 [:term:`JWT.BEARER`].

Introduction

OpenID Connect Standard [:term:`CONNECT.STANDARD`] defines only two authorization grant flows: the Authorization Code flow and the Implicit flow.

This document defines an additional Client Credentials flow that lets entities handle token requests under the OpenID Connect Standard binding.

Using "JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0" [:term:`JWT.BEARER`], a client requests an access token directly at an Authorization Server's Token Endpoint and can optionally present an OpenID Connect Request Object or Request File.

Token Endpoint

As in the OAuth Client Credentials flow, the Client requests an access token directly at the Token Endpoint.
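An added example, not part of the original document or of the OpenID Connect specifications, showing the kind of request this flow implies and the checks a Token Endpoint would run before issuing a token. It assumes the RFC 7523 client-assertion form parameters, an HS256 assertion keyed with a shared client secret, and a hypothetical endpoint URL; `build_request` and `authenticate_client` are illustrative names.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs, urlencode

TOKEN_ENDPOINT = "https://as.example.com/token"  # assumed endpoint URL
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_request(client_id, secret, jti, now, ttl=60):
    """Client side: form body carrying an HS256 assertion about the client itself."""
    claims = {"iss": client_id, "sub": client_id, "aud": TOKEN_ENDPOINT, "jti": jti, "exp": now + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    jwt = f"{head}.{body}.{_b64(mac)}"
    return urlencode({"grant_type": "client_credentials", "client_assertion": jwt,
                      "client_assertion_type": ASSERTION_TYPE})

def authenticate_client(form_body, secrets, seen_jti, now):
    """Token Endpoint side: return the authenticated client_id or raise ValueError."""
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    if (form.get("grant_type") != "client_credentials"
            or form.get("client_assertion_type") != ASSERTION_TYPE):
        raise ValueError("unsupported grant or assertion type")
    try:
        head, body, sig = form["client_assertion"].split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        signature = _unb64(sig)
    except (KeyError, ValueError) as exc:
        raise ValueError("malformed assertion") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)
            and header.get("alg") == "HS256"):  # pin the algorithm, ignore the header's choice
        raise ValueError("malformed assertion or unexpected alg")
    iss, jti, exp = claims.get("iss"), claims.get("jti"), claims.get("exp")
    secret = secrets.get(iss) if isinstance(iss, str) else None
    if secret is None or not hmac.compare_digest(  # constant-time comparison
            signature, hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()):
        raise ValueError("unknown client or bad signature")
    if claims.get("sub") != iss or claims.get("aud") != TOKEN_ENDPOINT:
        raise ValueError("iss/sub/aud mismatch")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("assertion expired")
    if not isinstance(jti, str) or jti in seen_jti:
        raise ValueError("assertion replayed")
    seen_jti.add(jti)  # remember the jti so the same assertion cannot be reused
    return iss
```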

Request

The Connect Client Credentials flow requires the following parameters.

Parameters

[1] openid should be specified like the other Connect specs?

Request Object or Request File Parameters

In addition to the parameters defined above, one of the following parameters can optionally be used to specify a Connect Request Object or Request File.

Response

Successful responses MUST be returned in the manner defined in "3.1.2 Access Token Response" in [:term:`CONNECT.STANDARD`] to return access tokens to the UserInfo Endpoint.

Error responses MUST be returned in the manner defined in "3.1.3 Access Token Error Response" in [:term:`CONNECT.STANDARD`].