Verify users based on a signed JWT by checking that the signature matches the Hedera Account Key.
Intention
Accept a "login" request using the OAuth2 "Client Credentials" flow and the "Private Key JWT" credential form. Once the signature is validated and the assertions verified, issue a short-lived (configurable duration) OAuth2 token for the client to use with API calls.
Considerations
Other OAuth2 flows
The "Client Credentials" flow is the most appropriate for non-interactive systems. All other OAuth2 flows assume a human interaction. It is, perhaps, theoretically possible to use "CIBA" or "Device Authorization" flows, but that would be far more complex.
Other credential types
We considered mTLS, but this does not remove the need to keep a secure key on the requesting system, and requires more setup and complexity. Hedera account keys are already present for any other interaction with the Hedera network, so the use of those keys for this purpose is natural and efficient.
Technical Details
TBD
Tasks and Features
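One way the server-side check described under "Intention" could look, as an added example that is not code from this issue or its project. Assumptions: the account key is Ed25519 and the assertion is signed with `EdDSA`; the account ID travels in `iss`/`sub` as in RFC 7523; `lookup`, the account ID, the token URL and the 300-second lifetime cap are hypothetical. Replay tracking via `jti` is left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// Sign builds a compact EdDSA JWS over a JSON payload (client side, used to construct demo input).
func Sign(priv ed25519.PrivateKey, payload string) string {
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString([]byte(payload))
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// Verify returns the account ID; lookup (hypothetical) maps an account ID to its registered key.
func Verify(jwt, aud string, now time.Time, lookup func(string) ed25519.PublicKey) (string, error) {
	p := strings.Split(jwt, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed JWT")
	}
	hdr, e1 := b64.DecodeString(p[0])
	body, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	var h struct{ Alg string }
	var c struct{ Iss, Sub, Aud string; Exp int64 }
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hdr, &h) != nil || json.Unmarshal(body, &c) != nil {
		return "", fmt.Errorf("undecodable JWT")
	}
	key := lookup(c.Iss) // the key comes from the account record, never from the token itself
	if h.Alg != "EdDSA" || len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
		return "", fmt.Errorf("signature does not match account key")
	}
	if c.Sub != c.Iss || c.Aud != aud || now.Unix() >= c.Exp || c.Exp-now.Unix() > 300 {
		return "", fmt.Errorf("claims rejected") // wrong subject or audience, expired, or too long-lived
	}
	return c.Sub, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair standing in for an account key
	exp := time.Now().Unix() + 60
	tok := Sign(priv, fmt.Sprintf(`{"iss":"0.0.1001","sub":"0.0.1001","aud":"https://auth.example/token","exp":%d}`, exp))
	fmt.Println(Verify(tok, "https://auth.example/token", time.Now(), func(string) ed25519.PublicKey { return pub }))
}
```

Only after `Verify` succeeds would the server issue the short-lived access token for the returned account ID.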