I am setting up oauth2 for rest springboot interfaces.
Our clients will be websites(we own it, Oauth sdk clients) as well as external clients calling our rest APIs directly from their systems (no GUI -> scripts and serverside apps).
what is the best way to provide 3rd party clients access tokens without the GUI redirect auth process?
I am able to do password grant, but that require base64[client_id:secret] and thus I can not provide this to our customers, leaving me with a rest endpoint where they auth and I then generate a token for them to use after calling the token service on their behalf. not ideal but work around over https calls.
I would like to get an alternative way for the 3rd party clients to auth without redirect/GUI interface if possible.