I am excited to announce that, as of build 17.10, the Centrify Identity Platform now supports OAuth2 as preview functionality. Support for accepting tokens issued by external OAuth servers will be added very soon.
OAuth2 offers many solutions to developers who need their code to communicate with the Centrify Identity Platform, both when a user is present and when no user is present. For the latter case, such as automation or back-end service accounts, the OAuth2 Client Credentials grant, combined with an OAuth Confidential Client, offers a lower-risk alternative to the traditional service account. The Confidential Client (the developer's code) has its access scoped to specific APIs, and it cannot "log in" through a UI or through any normal authentication path. Authorization is instead restricted to the specific OAuth server, the access is scoped, and policy can be put in place to lock authorization down to a specific IP address or range. With such a policy in place, even if the Client ID and Secret were compromised, they would not be usable outside the environment they were meant for, and even inside it they could only reach the APIs they were scoped to, which greatly lowers the risk associated with traditional service accounts.
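To make the mechanics concrete, here is an added example (not Centrify's code, and not an implementation of the Centrify Identity Platform) that models the three parties in a Client Credentials exchange as described above: the confidential client building the RFC 6749 section 4.4 token request, a toy authorization server that authenticates the client, enforces a per-client source-IP policy and scopes the token down to the client's registered APIs, and a resource server that checks the bearer token's scope. The client registry, client ID, secret, scope names and CIDR range are constructed for this example and are assumptions, not Centrify identifiers or policy settings.

```python
import base64
import ipaddress
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Constructed client registry, standing in for what an authorization server
# would hold for a confidential client: secret, permitted scopes (APIs) and
# the source-IP policy. All values here are example assumptions.
CLIENTS = {
    "svc-user-registration": {
        "secret": "s3cr3t-example",
        "scopes": {"users:create", "users:read"},
        "allowed_cidrs": ["10.20.0.0/16"],
    },
}

# Tokens issued by the toy server, keyed by the opaque token string.
ISSUED_TOKENS = {}


def build_client_credentials_request(client_id, client_secret, scope):
    """Client side: HTTP Basic client authentication plus the form body of a
    client_credentials token request (RFC 6749 sections 2.3.1 and 4.4)."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return headers, body


def token_endpoint(headers, body, source_ip):
    """Authorization server side. Returns (http_status, json_body)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"error": "invalid_client"}
    try:
        client_id, _, client_secret = base64.b64decode(auth[6:]).decode().partition(":")
    except Exception:
        return 401, {"error": "invalid_client"}

    client = CLIENTS.get(client_id)
    # Constant-time comparison so the secret cannot be guessed via timing.
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        return 401, {"error": "invalid_client"}

    # Source-IP policy: a leaked ID and secret are useless from outside the
    # network the client was registered for.
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in ipaddress.ip_network(cidr) for cidr in client["allowed_cidrs"]):
        return 401, {"error": "invalid_client",
                     "error_description": "source address not permitted"}

    params = parse_qs(body)
    if params.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}

    # Scope down: the token can never carry more than the client was registered for.
    requested = set(params.get("scope", [""])[0].split())
    if not requested:
        granted = set(client["scopes"])
    else:
        granted = requested & client["scopes"]
        if granted != requested:
            return 400, {"error": "invalid_scope"}

    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS[token] = {"client_id": client_id, "scope": granted,
                            "exp": time.time() + 3600}
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": 3600, "scope": " ".join(sorted(granted))}


def call_api(token, required_scope):
    """Resource server side: the bearer token must be known, unexpired and
    carry the scope that protects this particular API."""
    info = ISSUED_TOKENS.get(token)
    if info is None or info["exp"] < time.time():
        return 401, {"error": "invalid_token"}
    if required_scope not in info["scope"]:
        return 403, {"error": "insufficient_scope", "scope": required_scope}
    return 200, {"ok": True, "client_id": info["client_id"]}


if __name__ == "__main__":
    hdrs, form = build_client_credentials_request(
        "svc-user-registration", "s3cr3t-example", "users:create")
    print(token_endpoint(hdrs, form, "10.20.5.7"))     # 200, scoped token
    print(token_endpoint(hdrs, form, "203.0.113.9"))   # 401, outside policy
```

The two checks worth noticing are the ones the paragraph relies on: the same valid credentials are rejected when presented from 203.0.113.9, and a token minted for `users:create` is refused by an API that requires a scope the client never held. Replaying a stolen secret therefore only works from inside the permitted network and only against the APIs the client was registered for.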
You can find more information on OAuth in the developer portal at https://developer.centrify.com/docs/oauth. Additionally, the API demo example project on GitHub (https://github.com/centrify/centrify-samples-aspnet-server) has been enhanced to use OAuth2 in its user self-registration example. You can read more about this support in the project's README on GitHub.
Please send any questions regarding OAuth2 to [email protected]