Booked Scheduler Community Support
June 04, 2020, 05:43:13 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
   Home   Help Login Register  
Pages: [1]
  Print  
Author Topic: Booked API authentication grant flow  (Read 352 times)
jjarv
Newbie
*

Karma: 0
Posts: 1


« on: May 11, 2020, 04:10:11 PM »


According latest OAuth 2.0 Security Best Current Practice document APIs should not use user name and password (aka. Resource Owner Password Grant) to authorize users. Would it be possible to implement something like Oauth client credentials flow instead of using user name & password in API. It is of course debatable if fixed API keys give any better security compared to using user credentials, but at least there would be separation between credentials and API access.

 
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.20 | SMF © 2006-2007, Simple Machines Valid XHTML 1.0! Valid CSS!