oltu-user mailing list archives

From Mathieu Bernard <math...@brnrd.fr>
Subject Client authentication using the password flow ?
Date Mon, 10 Feb 2014 16:11:57 GMT
Hello world,

I'm new to OAuth2 and the Oltu project. I have been digging and hacking in
the project sources for a week.

I'm trying to implement the password grant type flow and I'm surprised to
see that I need to provide client_id and client_secret for this type of
authorization flow. It seems it's due to the boolean
enforceClientAuthentication in PasswordValidator.java.
However, the OAuth 2 spec (http://tools.ietf.org/html/rfc6749#section-4.3)
states that the username, password and grant_type are only required.

Why does Oltu force you to add the client authentication when using the
password flow?
Am I missing something?

Cheers,
Mathieu.
