Neovea

Reputation: 514

Do I need to create client_id and client_secret for each user for implementing OAuth?

Here is my question: I'm building an API which allows users to manage some objects at home via an application. I read this article about grants for acquiring an access token, and the grant I should use: https://alexbilbie.com/guide-to-oauth-2-grants#which-oauth-20-grant-should-i-use

As far as I understood, as the application is first party (we develop it), and the API is ours as well, it seems that I only need to ask them for a login and a password (Implicit grant) for the OAuth flow authentication.

For now, the database contains users, and for each one a client_id and a client_secret. How should I manage passing that information to the server though?

Moreover, should each user have a client_id and a client_secret or should I manage to have unique ones for everyone that I could store in the application?

Thanks

Upvotes: 2

Views: 122

Answers (1)

JEY

Reputation: 7123

No, client_id and client_secret are for each application that wants to access the resource.

Upvotes: 1
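The separation the answer describes, as an added sketch that is not code from the question or the answer: one client record for the application, and user records that hold only user credentials. It assumes the login-and-password flow is handled as the RFC 6749 resource owner password credentials grant and that the app is a public client with no secret; `home-app`, `alice`, `bob` and the in-memory stores are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _kdf(password, salt)}

# Constructed sample data. One client row per application (assumption: the
# first-party app is a public client, so no client_secret ships inside it).
CLIENTS = {"home-app": {"name": "first-party mobile app"}}
# Users carry only their own credentials, never a client_id/client_secret.
USERS = {"alice": _user("alice-pw"), "bob": _user("bob-pw")}
_DUMMY = _user(secrets.token_hex(16))  # equalises work for unknown usernames
TOKENS = {}  # access_token -> which app acts for which user

def token_endpoint(form: dict) -> tuple:
    """Handle a form-encoded token request; returns (HTTP status, JSON body)."""
    if form.get("client_id") not in CLIENTS:          # step 1: which application?
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    record = USERS.get(form.get("username"), _DUMMY)  # step 2: which user?
    supplied = _kdf(form.get("password", ""), record["salt"])
    if record is _DUMMY or not hmac.compare_digest(supplied, record["hash"]):
        return 400, {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"client_id": form["client_id"], "user": form["username"]}
    return 200, {"access_token": token, "token_type": "Bearer"}

if __name__ == "__main__":
    base = {"grant_type": "password", "client_id": "home-app"}
    print(token_endpoint({**base, "username": "alice", "password": "alice-pw"}))
    print(token_endpoint({**base, "username": "bob", "password": "wrong"}))
```

Every user's token request carries the same `client_id`; only `username` and `password` vary, and each issued token records both the application and the user.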
