We have a scenario in which we have a separate application that needs to fetch information from a Litium web API. Some endpoints need to be secured and should only be accessible to signed-in users. The documentation describes how to use service accounts and the /litium/oauth/token endpoint, but in this scenario, we need to be able to authenticate/authorize individual users (customers) and not a remote server.
I found a discussion in this forum from 2019 suggesting the use of a service account together with the password grant flow: "oAuth JWT Client is invalid - Questions - Litium Forum".
Today the password grant flow is legacy and not advised for use: "OAuth 2.0 Password Grant Type".
Are there any alternatives to the password grant when using the MVC Accelerator? For example, another OAuth flow? I can see that there are some settings in back office for each service account, maybe indicating support for other flows, but I haven't found any information about this in the Litium docs.
Litium version: 8.19.1