I am trying to use https://github.com/panva/node-oidc-provider for our OAuth implementation.

We also have some services there that have to use the client_credentials flow. Currently we are getting an opaque access token, but we need it as a JWT.

In the past (> 7.x) it was possible by defining:

{
  formats: {
    ClientCredentials: 'jwt',
    AccessToken: 'jwt',
  }
}

But this was removed with major version 7.x.

What do we have to define to also receive a JWT for the client_credentials flow?

gigo1980
  • I'm not an expert, and I might be missing some things, but let me remind you that, since JWTs are easily decodable by a third party, they should contain only public (non-secret) data, and definitely not client credentials. – Parzh from Ukraine May 05 '22 at 09:51
  • As Dima said, JWTs are not encrypted. They are just encoded and should not be used to store sensitive information. https://jwt.io/introduction A JWT **is** the authentication. – Marc May 05 '22 at 11:40

0 Answers