Hi Paul,
Thanks for your help and explanation.
I’m still confused about how, with the client credentials flow, we can segregate the permissions with a single clientId/OAuth profile on Solace.
Below I’m trying to lay out my understanding of how we should configure the OAuth client_credentials flow with Solace:
I’m assuming here many client IDs/OAuth profiles in Solace, because it is the only secure way I see to have different clients mapped to their corresponding authorization groups. If we use one single clientId/OAuth profile, we can have different scopes, but the client credentials are shared, meaning if one application knows what scope is used by another, it can access their Solace objects… or am I seeing it completely wrong?
On the other hand, when using the password OAuth grant type flow, since each user on the OAuth server belongs to a group, we can map the OAuth server group to the authorization group 1-1, which allows more fine-grained and secure control.
Since client_credentials is the recommended way to set this up, can you please advise how we should approach this?
Thanks!
