defmodule OAuth2.Strategy.ClientCredentials do
@moduledoc """
The Client Credentials Strategy
http://tools.ietf.org/html/rfc6749#section-1.3.4
The client credentials (or other forms of client authentication) can
be used as an authorization grant when the authorization scope is
limited to the protected resources under the control of the client,
or to protected resources previously arranged with the authorization
server. Client credentials are used as an authorization grant
typically when the client is acting on its own behalf (the client is
also the resource owner) or is requesting access to protected
resources based on an authorization previously arranged with the
authorization server.
"""
use OAuth2.Strategy
@doc """
Not used for this strategy.
"""
@impl true
def authorize_url(_client, _params) do
raise OAuth2.Error, reason: "This strategy does not implement `authorize_url`."
end
@doc """
Retrieve an access token given the specified strategy.
"""
@impl true
def get_token(client, params, headers) do
{auth_scheme, params} = Keyword.pop(params, :auth_scheme, "auth_header")
client
|> put_param(:grant_type, "client_credentials")
|> auth_scheme(auth_scheme)
|> merge_params(params)
|> put_headers(headers)
end
defp auth_scheme(client, "auth_header"), do: basic_auth(client)
defp auth_scheme(client, "request_body"), do: request_body(client)
defp request_body(client) do
client
|> put_param(:client_id, client.client_id)
|> put_param(:client_secret, client.client_secret)
end
end