We want to implement machine-to-machine authorization with OAuth 2.0, but we are not sure how we can do authentication (i.e. how we can identify which client connects to us). The use case would be:
- Multiple clients with different OAuth credentials want to connect to our service.
- We are using JWT tokens for the OAuth implementation.
- With OAuth we can authorize them, since they will have a valid token.
- We want to be able to identify which client it is, for statistics purposes.
One solution could be to use the scope field in the JWT token, but it seems like a hack rather than a proper solution.
Is there any best practice in this domain? For me it is more like OpenID, but for a machine.
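The pattern the question is circling is the OAuth 2.0 client credentials grant: each machine client authenticates to the token endpoint with its own client_id/client_secret, and the issued JWT access token carries that client's identity in the standard `sub` claim (RFC 7519) and the `client_id` claim (RFC 9068, JWT access tokens). The resource server verifies the signature and reads `sub`, so scope can stay what it is meant to be, a list of granted permissions. The following is an added, self-contained example written for this page, not code from the question or any particular OAuth library. The client registry, the HS256 shared key, the issuer and audience URLs, and the function names are all assumptions; a production authorization server would normally sign with an asymmetric key (RS256/ES256) so resource servers hold only the public key.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from collections import Counter

# Constructed registry of registered clients: client_id -> SHA-256 of its secret.
# (Assumption for the example; a real AS keeps this in its database.)
_CLIENTS = {
    "reporting-batch": hashlib.sha256(b"s3cret-one").hexdigest(),
    "mobile-backend": hashlib.sha256(b"s3cret-two").hexdigest(),
}

# Assumed HS256 key shared by the token endpoint and the resource server.
_SIGNING_KEY = b"change-me-32-bytes-minimum-please!!"
ISSUER = "https://auth.example.test"      # assumed issuer URL
AUDIENCE = "https://api.example.test"     # assumed resource server URL


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(client_id: str, client_secret: str, scope: str, ttl: int = 300) -> str:
    """Token endpoint side of the client_credentials grant.

    The client authenticates with id + secret; the JWT it receives names the
    client in `sub` and `client_id`. Scope describes permissions only.
    """
    expected = _CLIENTS.get(client_id)
    presented = hashlib.sha256(client_secret.encode()).hexdigest()
    # Constant-time compare; unknown ids are rejected on the same path as bad secrets.
    if expected is None or not hmac.compare_digest(expected, presented):
        raise PermissionError("invalid_client")
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "sub": client_id,        # RFC 7519 subject: the authenticated client
        "client_id": client_id,  # RFC 9068 names the client explicitly as well
        "aud": AUDIENCE,
        "iat": now,
        "exp": now + ttl,
        "jti": secrets.token_hex(16),
        "scope": scope,
    }
    signing_input = (
        f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    )
    sig = hmac.new(_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str) -> dict:
    """Resource server side: check signature, alg, iss, aud, exp; return claims."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed_token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose it.
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected_alg")
    expected_sig = hmac.new(
        _SIGNING_KEY, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise PermissionError("bad_signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("wrong_issuer_or_audience")
    if claims.get("exp", 0) <= int(time.time()):
        raise PermissionError("token_expired")
    if "sub" not in claims:
        raise PermissionError("no_subject")
    return claims


# Per-client request statistics, keyed on the verified subject claim.
_REQUESTS_BY_CLIENT: Counter = Counter()


def handle_request(token: str) -> str:
    """Accept a bearer token, record which client called, return its identity."""
    claims = verify_token(token)
    _REQUESTS_BY_CLIENT[claims["sub"]] += 1
    return claims["sub"]


if __name__ == "__main__":
    tok = issue_token("reporting-batch", "s3cret-one", "reports:read")
    print(handle_request(tok), dict(_REQUESTS_BY_CLIENT))
```

The statistics are keyed on `sub` only after the signature and the `iss`/`aud`/`exp` checks pass, so a client cannot claim another client's identity by editing the payload: the tampered token fails signature verification before any claim is read.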