I have a single-page application which is distributed as static files from server A. Server B is my API/OAuth 2.0 server. When I go to deploy my API, I need to create a privileged OAuth 2.0 client with some extra scopes that allow the SPA to control some more sensitive resources provided by my API. My question is this: how is this normally done? I seem to have a chicken-and-egg problem here. My client application needs the privileged client ID, but to create a client I must create a user. Does this mean that I need to establish a master user account in my OAuth 2.0 server? How can this be secured?
Has anyone run across this issue before and, if so, how did you go about solving it?
via DaveStance