From c5e5b9a14607b335ac724ebbdfabf1cea64c13ea Mon Sep 17 00:00:00 2001 From: Jesse Wright <63333554+jeswr@users.noreply.github.com> Date: Thu, 23 Apr 2026 02:31:46 +0100 Subject: [PATCH 1/2] Relax client credentials grant requirement --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index c4a85c3..3c3a7d9 100644 --- a/index.bs +++ b/index.bs @@ -443,7 +443,7 @@ Discovery 1.0 [[!OIDC-DISCOVERY]] resource by including `webid` in its `scopes_s NOTE: This sections borrows concepts from OAuth 2.0 [[!RFC6749]], while the rest of Solid-OIDC builds on top of OpenID Connect Core 1.0 [[!OIDC-CORE]]. The section is likely to be extracted into a separate specification in the future. -Authorization Servers MUST support the OAuth 2.0 Client Credentials Grant [[!RFC6749]] (Section 4.4) to enable +Authorization Servers SHOULD support the OAuth 2.0 Client Credentials Grant [[!RFC6749]] (Section 4.4) to enable non-interactive authentication for scripts, automated agents, and server-to-server communication. NOTE: Scripts and bots can also use Solid-OIDC without Client Credentials via the [refresh token From 3a78f03e2ac023df808cb0994d19171c8a03d59b Mon Sep 17 00:00:00 2001 From: Jesse Wright <63333554+jeswr@users.noreply.github.com> Date: Thu, 23 Apr 2026 02:36:34 +0100 Subject: [PATCH 2/2] Make client credentials discovery requirement conditional --- index.bs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.bs b/index.bs index 3c3a7d9..a45dc31 100644 --- a/index.bs +++ b/index.bs 
@@ -470,10 +470,10 @@ credentials. ## Solid-OIDC Conformance Discovery ## {#client-credentials-discovery} -For non-interactive use cases such as scripts, automated agents, and server-to-server communication, this specification -also requires that an OpenID Provider that conforms to the Solid-OIDC specification MUST advertise its support for the -[Client Credentials Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.4) in the OpenID Connect Discovery 1.0 -[OIDC.Discovery] resource by including `client_credentials` in its `grant_types_supported` metadata property. +For non-interactive use cases such as scripts, automated agents, and server-to-server communication, an OpenID Provider +that supports the [Client Credentials Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.4) MUST advertise that +support in the OpenID Connect Discovery 1.0 [OIDC.Discovery] resource by including `client_credentials` in its +`grant_types_supported` metadata property.
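Review bot: In PATCH 1/2 (hunk at @@ -443), once MUST becomes SHOULD in the "Authorization Servers ... support the OAuth 2.0 Client Credentials Grant" sentence, the paragraph no longer tells a client how to find out whether a given Authorization Server offers the grant. Suggest adding a sentence here that clients check `grant_types_supported` for `client_credentials` before attempting the grant, with a cross-reference to `#client-credentials-discovery` and to the refresh token route mentioned in the NOTE that follows. Separately, the unchanged context line reads "This sections borrows"; worth correcting to "This section borrows" while this paragraph is being touched.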
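Review bot: In PATCH 2/2 (hunk at @@ -470), the rewritten paragraph under `{#client-credentials-discovery}` states only one direction of the requirement: a provider that supports the grant MUST list `client_credentials`, but nothing says a provider without support leaves it out of `grant_types_supported`, or that clients treat its absence as "not supported". Now that support is optional, state both directions so the metadata is a reliable signal for non-interactive clients. Style point on the same lines: they keep `[OIDC.Discovery]` and an inline rfc-editor.org link, while the text visible in the @@ -443 hunk uses `[[!OIDC-DISCOVERY]]` and `[[!RFC6749]] (Section 4.4)`; use the same reference form here.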