Skip to content
This repository has been archived by the owner on Oct 5, 2023. It is now read-only.

client_id required. Why? #49

Open
username99987 opened this issue Apr 10, 2013 · 0 comments
Open

client_id required. Why? #49

username99987 opened this issue Apr 10, 2013 · 0 comments

Comments

@username99987
Copy link

I am trying to obtain access token according to Section 4.3.2 Of OAuth 2.0 RFC.

When I send client_id and client_secret together with username and password everything works fine. But I need to obtain the access token without sending client_id and client_secret as my client is not confidential, say. Here is the HTTP flow between client and authorization server.

POST http://localhost:3000/oauth2/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

grant_type=password&username=[email protected]&password=test

The server responds with 400 Bad request

HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 71
X-Ua-Compatible: IE=Edge
X-Runtime: 0.009000
Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)
Date: Thu, 04 Apr 2013 11:56:27 GMT
Connection: Keep-Alive

{"error":"invalid_request","error_description":"'client_id' required."}

How can I force the server not to bother about client's credentials?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant