It depends a lot on the system's requirements. For instance, if you need to make this query on the front end, you leave the client ID and secret on the backend. After receiving the token, you can then use it securely on the front end. However, it's essential to restrict the token's lifespan; otherwise, it won't be effective.
@MortenHolje 1 year ago
Hi Michael, thanks for great videos about grant flows. I think you should have specified that the auth service grants tokens which you use to consume resources from an API. It's a lot better than using API keys. Still learning, so please correct me if I'm wrong here (anyone, not just Michael).
@benpracht2655 1 year ago
What should be done instead? How would you handle an automated request from another backend service?
@Renanfg 10 months ago
so this flow is good for backend to backend since there's no exposure
@kaustubh1871 1 year ago
Hi, Great Explanation. It was really clear and was on point! It would be great if you could make a similar one for implicit grant and resource owner credentials grant. Thank you.
@ScrotoTBaggins 1 year ago
A little simplistic to just say client credentials bad
@bissellator 1 year ago
They're simply unsecure.
@longb1913 1 year ago
@@bissellator what to use instead then
@rhysevancampbell 3 months ago
@@bissellator I kind of agree with the comment. Bad for what? What is the better approach? And in what situation?