Mautic Community Forums

Support client_credential and password grants in OAuth2

My idea is:

Currently, Mautic only supports the the authorization_code and refresh_token grant types for OAuth2 authentication against the REST API.

Please add support for the client_credential and password grants in OAuth2 to:

  1. Make authentication easier for people who want to use the REST API
  2. Allow the Mautic contributors to deprecate support for OAuth1a (which is a fork that’s currently maintained by Mautic contributors) and focus development efforts on OAuth2

I think these groups of people would benefit from this idea:
People who want to use Mautic’s REST API and Mautic core contributors (less maintenance)

Why I think they would benefit from this idea:
See above

Any code or resources to support this idea:
Not yet (TBD)

Are you willing to work on this idea?:
Yes, if time allows

What skills and resources do you need to explore this further?
A better understanding of the OAuth2 library that’s currently used by Mautic (friendsofsymfony/oauth-server-bundle if I’m not mistaken?)

It would be great to provide a way which would allow mautic api authentication without prompting a user to login.

Am I correct in understanding that this is currently not possible?

@a.bell It is currently possible to connect to Mautic’s REST API without a user having to log in by using Basic Auth: https://developer.mautic.org/#basic-authentication

It might not be ideal, but at least should be a feasible workaround for now :slight_smile: