Is it necessary to use OAuth if the communication is exclusively machine-to-machine? Right now, I am using IP restriction plus a private key.
Machine authentication is the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.
M2M Authorization is the process of providing remote systems with secure access to information. Using this process, business systems can communicate autonomously and execute business functions based on predefined authorization.
OAuth (short for "Open Authorization") is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
It is nice to keep your authentication frameworks consistent across applications deployed in the same infrastructure.
Therefore, if you are already using OAuth 2.0 somewhere in your environment, taking advantage of the client credentials grant can be advantageous for server-to-server calls to still be authenticated using the same framework but not requiring any user during the authorization flow.
The flow is quite simple:
Make a POST request from the client application to the authorization server:
POST https://api.oauth2server.com/token
grant_type=client_credentials&
client_id=CLIENT_ID&
client_secret=CLIENT_SECRET
Receive the OAuth token response containing an access_token and refresh token:
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"example",
"expires_in":3600,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter":"example_value"
}
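A runnable sketch of both ends of the exchange above, added here as an example and not taken from the original answer. The client registry, the CLIENT_ID/CLIENT_SECRET values and TOKEN_TTL are constructed placeholders. It also shows the authorization-server side the answer leaves out: a constant-time secret check, a short-lived bearer token, and, per RFC 6749 section 4.4.3, no refresh token in the response for this grant.

```python
import base64
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Constructed client registry (hypothetical IDs); real servers store a hash of the secret.
CLIENTS = {"CLIENT_ID": "CLIENT_SECRET"}
TOKEN_TTL = 3600
_issued = {}  # access_token -> (client_id, expiry); stand-in for the server's token store

def build_token_request(client_id, client_secret, scope="read"):
    """Client side: headers and form body for a client_credentials token request.
    RFC 6749 prefers HTTP Basic for the client credentials; the body form shown
    in the answer above is also valid."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode({"grant_type": "client_credentials", "scope": scope})

def handle_token_request(headers, body, now=None):
    """Authorization-server side: returns (http_status, json_body)."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"error": "invalid_client"}
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except Exception:  # bad base64 or non-UTF-8 bytes
        return 401, {"error": "invalid_client"}
    expected = CLIENTS.get(client_id)
    # compare_digest keeps the comparison constant-time regardless of which byte differs;
    # an unknown client_id is compared against an empty string so its timing matches.
    ok = hmac.compare_digest(secret.encode(), (expected or "").encode())
    if expected is None or not ok:
        return 401, {"error": "invalid_client"}
    if parse_qs(body).get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    token = secrets.token_urlsafe(32)
    _issued[token] = (client_id, now + TOKEN_TTL)
    # No refresh_token: RFC 6749 4.4.3 says one SHOULD NOT be issued for this grant.
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": TOKEN_TTL}

def validate_bearer(authorization_header, now=None):
    """Resource-server side: map 'Authorization: Bearer <token>' to a client_id, or None."""
    now = time.time() if now is None else now
    if not authorization_header.startswith("Bearer "):
        return None
    entry = _issued.get(authorization_header[7:])
    if entry is None or entry[1] <= now:
        return None  # unknown or expired token
    return entry[0]
```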