You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 5, 2023. It is now read-only.
I am trying to obtain access token according to Section 4.3.2 Of OAuth 2.0 RFC.
When I send client_id and client_secret together with username and password everything works fine. But I need to obtain the access token without sending client_id and client_secret as my client is not confidential, say. Here is the HTTP flow between client and authorization server.
I am trying to obtain access token according to Section 4.3.2 Of OAuth 2.0 RFC.
When I send client_id and client_secret together with username and password everything works fine. But I need to obtain the access token without sending client_id and client_secret as my client is not confidential, say. Here is the HTTP flow between client and authorization server.
POST http://localhost:3000/oauth2/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
grant_type=password&username=[email protected]&password=test
The server responds with 400 Bad request
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 71
X-Ua-Compatible: IE=Edge
X-Runtime: 0.009000
Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)
Date: Thu, 04 Apr 2013 11:56:27 GMT
Connection: Keep-Alive
{"error":"invalid_request","error_description":"'client_id' required."}
How can I force the server not to bother about client's credentials?
The text was updated successfully, but these errors were encountered: