Booked Scheduler Community Support
June 04, 2020, 05:43:13 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
   Home   Help Login Register  
Pages: [1]
Author Topic: Booked API authentication grant flow  (Read 352 times)

Karma: 0
Posts: 1

« on: May 11, 2020, 04:10:11 PM »

According latest OAuth 2.0 Security Best Current Practice document APIs should not use user name and password (aka. Resource Owner Password Grant) to authorize users. Would it be possible to implement something like Oauth client credentials flow instead of using user name & password in API. It is of course debatable if fixed API keys give any better security compared to using user credentials, but at least there would be separation between credentials and API access.

Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.20 | SMF © 2006-2007, Simple Machines Valid XHTML 1.0! Valid CSS!