Hey @prodcoder, the client credentials flow is still safer than the resource owner password credentials flow, as in case of leakage we could just simply regenerate the leaked secret. In case of password leakage, we are in big trouble, as the attacker can do pretty much anything with our account.
Saying "should not use" and "anti-pattern" is a huge stretch. You should clarify the context, because if the audience is the issuer, such as the case with first-party apps, then it's perfectly valid. Not every OAuth flow is about a service to another, where Authorization Flow would of course be better.
What do you think about this video?
Let me know in the comments below.
Underrated channel. Lots of knowledge. Thanks a ton, sir.
thx Vijay
Nicely explained. Very good video. Thanks. It helps to clear the OAuth concept very easily.
thx Gurudas, I'm glad you liked it
"More people need this, so this video more