serve Shibboleth protected API for machine accounts as well
Cantor, Scott
cantor.2 at osu.edu
Mon Apr 11 13:04:16 UTC 2022
On 4/11/22, 8:54 AM, "users on behalf of Marco Lechner via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> what is the recommended or the default way to access a server-API protected by Shibboleth/SAML2 from
> machine accountes/scripts?
There isn't one, you covered all of the trade offs. Personally I would say certificate authentication is how servers should deal with each other. The world disagrees with me and thinks weak OAuth bearer tokens are the answer (which is why the client_credentials grant is in the next OP release).
-- Scott
More information about the users
mailing list