oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Sanso (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OLTU-163) GrantType password and Missing parameters: client_secret
Date Mon, 14 Sep 2015 09:19:46 GMT

    [ https://issues.apache.org/jira/browse/OLTU-163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14743213#comment-14743213
] 

Antonio Sanso commented on OLTU-163:
------------------------------------

[~rikard] I respectfully disagree... why do you think is so ?

In the spec example

{code}
POST /token HTTP/1.1
     Host: server.example.com
     Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
     Content-Type: application/x-www-form-urlencoded

     grant_type=password&username=johndoe&password=A3ddj3w
{code}

the client secret is passed in here {{Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW}}

> GrantType password and Missing parameters: client_secret
> --------------------------------------------------------
>
>                 Key: OLTU-163
>                 URL: https://issues.apache.org/jira/browse/OLTU-163
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-authzserver
>    Affects Versions: oauth2-1.0.0
>         Environment: JBOSS 8 (wildfly) 
> JDK 1.7
>            Reporter: alizarion
>            Priority: Minor
>
> when i try to parse request with grant_type=password and there is no client_secret, OAuthTokenRequest
throw Missing parameters.
> client_secret is not required for a GrantType password
> https://tools.ietf.org/html/rfc6749#section-4.3.2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message