I’ve implemented the client credentials grant flow and successfully received an access token, but when I use that token for the /userinfo call I get an unauthorized response. Part of the response message says that the openid scope is missing. The documentation says that only custom scopes can be used for this flow, and I get an invalid scope error when passing in openid.
Is the token received from the client credentials flow usable by the /userinfo call?
There isn’t a user associated with the token in the client credentials flow, so you won’t be able to use the /userinfo endpoint.
What is your use case?
Thanks for the quick response and for confirming that.
Here’s the use case:
There’s a backend service that creates/updates db data, and it calls /userinfo with the passed-in access token to authenticate the user making the call and get their user id. This service has been used by a regular browser app that logs in a user using their username and password.
We want to use this backend service through a slack command and do not want to use any of the flows that require redirects for authorization because data passed into the command is lost after redirection.
Maybe you’re looking for the resource owner password flow?
We ended up bypassing the /userinfo call and added token validation, but the flow you suggested would definitely have been a better option over the redirect flows. Thanks!
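The local token validation the last reply mentions, written out as an added example (this is not the poster's code and not any identity provider's SDK). It assumes HS256 with a shared secret so that it runs offline; tokens issued by a hosted identity provider are normally RS256 and should be verified against the provider's JWKS with a maintained library such as PyJWT. The issuer and audience URLs, the secret and the sample tokens are constructed for the example. The check that rejects a client-credentials token relies on the RFC 9068 convention that such a token's sub is the client identifier (here carried in the client_id claim); if your provider marks machine tokens differently, adapt that one check.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Assumed values for this example only (not from the thread).
ISSUER = "https://issuer.example.com/"
AUDIENCE = "https://backend.example.com/"
SECRET = b"constructed-shared-secret-for-the-example"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Constructed HS256 signer, used only to produce the sample tokens below."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header).encode())
        + "."
        + _b64url_encode(json.dumps(claims).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class TokenError(Exception):
    pass


def validate_access_token(token: str, secret: bytes = SECRET,
                          now: Optional[float] = None) -> dict:
    """Verify signature, issuer, audience and expiry; return the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm on the verifier side; never trust the token's alg.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise TokenError("expired")
    return claims


def check_bearer(token: str, now: Optional[float] = None) -> Tuple[Optional[str], Optional[str]]:
    """Return (user_id, None) for a valid user token, else (None, reason)."""
    try:
        claims = validate_access_token(token, now=now)
    except TokenError as e:
        return None, str(e)
    sub = claims.get("sub")
    if not sub:
        return None, "no subject"
    # Client-credentials tokens have no resource owner: per RFC 9068 their
    # sub is the client itself, so they must not be accepted as a user.
    if sub == claims.get("client_id"):
        return None, "client credentials token, no user"
    return sub, None


# Constructed sample tokens (a fixed clock keeps the example deterministic).
SAMPLE_NOW = 1_700_000_000
_base = {"iss": ISSUER, "aud": AUDIENCE, "client_id": "slack-cmd"}
USER_TOKEN = mint_token({**_base, "sub": "user|123", "exp": SAMPLE_NOW + 3600})
MACHINE_TOKEN = mint_token({**_base, "sub": "slack-cmd", "exp": SAMPLE_NOW + 3600})
EXPIRED_TOKEN = mint_token({**_base, "sub": "user|123", "exp": SAMPLE_NOW - 1})
# Payload swapped for a different user but the original signature kept.
_h, _p, _s = USER_TOKEN.split(".")
TAMPERED_TOKEN = ".".join([_h, _b64url_encode(json.dumps(
    {**_base, "sub": "user|999", "exp": SAMPLE_NOW + 3600}).encode()), _s])

if __name__ == "__main__":
    for name, tok in [("user", USER_TOKEN), ("machine", MACHINE_TOKEN),
                      ("expired", EXPIRED_TOKEN), ("tampered", TAMPERED_TOKEN)]:
        print(name, check_bearer(tok, now=SAMPLE_NOW))
```

The backend keeps its existing contract (the caller's bearer token is checked and the user id comes out of it) without a network round trip to /userinfo, and it fails closed on machine tokens, which is exactly the case the first reply describes: a client-credentials token identifies the Slack integration, not the person typing the command.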