
OIDC and id tokens with the client_credentials grant? #1519

Open · opobla opened this issue Oct 28, 2024 · 1 comment

@opobla

opobla commented Oct 28, 2024

Hello!

I am trying to use the client_credentials grant to authenticate apps so they can call the endpoints of other resource servers implemented with the Django REST framework.

As far as I understand, the token obtained at the /token endpoint of the authorization server is of the opaque type. This token is passed as a bearer token in the Authorization header of the requests made to the resource server. The resource server, in turn, calls the /introspection endpoint of the authorization server to validate that the token is still valid.

Instead of using the introspection endpoint with these opaque tokens, I would like to switch to JWT ID tokens, whose validity could be checked using their RS256 signature. I would also like to leverage the OIDC discovery mechanism to find the issuer's key.

In summary, what I think I need is the OIDC client_credentials grant. However, from the docs (https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#openid-connect-support), it seems it is not supported. So my question is: how could I implement this flow and obtain a JWT ID token using the client credentials grant?

Thanks a lot for your help!

@abelmejiasvisma

Hi, where I work we managed to do this by modifying the ACCESS_TOKEN_GENERATOR setting: we created our own callback that generates the JWT token using an RS256 signature. Finally, we also created a new JWKS endpoint based on https://github.com/jazzband/django-oauth-toolkit/blob/master/oauth2_provider/views/oidc.py#L112 using our own RSA private key. Now our other services (written with Django and DRF too) can validate the JSON Web Token. English is not my native language, so I apologize for any mistakes.
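The three pieces described in the comment above, as an added example that is not code from django-oauth-toolkit or from the commenter: the RS256 JWT an ACCESS_TOKEN_GENERATOR callback would mint from `request.client.client_id` and `request.scopes`, the document a custom JWKS endpoint would serve, and the local verification a DRF resource server does instead of calling /introspection. Assumed: the `cryptography` package is installed; the issuer, audience and `kid` values and the `issue_client_token`/`verify_rs256_jwt` function names are constructed for this example.

```python
import base64, json
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

ISSUER, AUDIENCE, KID = "https://auth.example.test", "orders-api", "2024-10-key1"  # constructed values

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_rs256_jwt(private_key, claims: dict, kid: str) -> str:
    """Compact JWS header.payload.signature; RS256 is RSASSA-PKCS1-v1_5 over SHA-256."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    parts = [b64url(json.dumps(x, separators=(",", ":")).encode()) for x in (header, claims)]
    sig = private_key.sign(".".join(parts).encode(), padding.PKCS1v15(), hashes.SHA256())
    return ".".join(parts + [b64url(sig)])

def issue_client_token(private_key, client_id: str, scopes, now: int, ttl: int = 600) -> str:
    """What an ACCESS_TOKEN_GENERATOR callback would build from request.client and request.scopes (assumed)."""
    claims = {"iss": ISSUER, "sub": client_id, "aud": AUDIENCE, "iat": now, "exp": now + ttl, "scope": " ".join(scopes)}
    return make_rs256_jwt(private_key, claims, KID)

def jwks_from_public_key(public_key, kid: str) -> dict:
    """Document a custom JWKS endpoint would serve: n and e as base64url big-endian integers."""
    nums = public_key.public_numbers()
    to_b64 = lambda i: b64url(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid, "n": to_b64(nums.n), "e": to_b64(nums.e)}]}

def verify_rs256_jwt(token: str, jwks: dict, audience: str, now: int) -> dict:
    """Resource-server side: pin the alg, pick the key by kid, verify the signature, then check iss/aud/exp."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # reject alg=none / HS256 substitution before touching any key
        raise ValueError("unexpected alg")
    jwk = next(k for k in jwks["keys"] if k.get("kid") == header.get("kid"))
    pub = rsa.RSAPublicNumbers(*(int.from_bytes(b64url_decode(jwk[f]), "big") for f in ("e", "n"))).public_key()
    pub.verify(b64url_decode(s_b64), f"{h_b64}.{p_b64}".encode(), padding.PKCS1v15(), hashes.SHA256())
    claims = json.loads(b64url_decode(p_b64))  # only trusted after the signature check above
    if claims.get("iss") != ISSUER or claims.get("aud") != audience or claims.get("exp", 0) <= now:
        raise ValueError("issuer, audience or expiry check failed")
    return claims

def demo(now: int = 1730000000) -> dict:
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # the AS's private signing key
    jwks = jwks_from_public_key(key.public_key(), KID)
    token = issue_client_token(key, "billing-service", ["read", "write"], now)
    return {"token": token, "jwks": jwks, "claims": verify_rs256_jwt(token, jwks, AUDIENCE, now)}
```

Because the resource server no longer asks the authorization server, a revoked token stays usable until `exp`; keep `ttl` short or combine local verification with introspection where revocation must be immediate.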
