node-oauth2-provider

password grant_type requires secret?

Open tj opened this issue 12 years ago • 1 comments

it should be optional so you can have things like command-line tools that are user-accessible but won't expose a secret

tj, Jul 29 '13 22:07

I was just now looking at the oauth2-provider implementation of the password flow and it seems like the client is meant to be authenticated, prior to or during the password auth flow, as described here:

http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.3

Checking notes actually explain the calling convention which seems consistent with the oauth2 draft. https://github.com/ammmir/node-oauth2-provider/commit/074f9a8bc9e42e0a4f667e87ba6eca52ee03b1e2 It would be useful to add the calling URL example to the docs though.

hillct, Nov 10 '13 00:11
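The point under discussion, as an added example that is not part of the thread and not node-oauth2-provider's own code: the draft section linked above requires client authentication for confidential clients, while a public client such as a command-line tool can only be identified by its `client_id`. The registry, client names, secret and function names below are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed client registry (hypothetical names and values).
const CLIENTS = {
  'web-backend': { type: 'confidential', secret: 's3cr3t-constructed' },
  'cli-tool': { type: 'public' }, // shipped to users, so it holds no secret
};

// Constant-time comparison; hashing first gives both buffers equal length.
function secretMatches(presented, expected) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(presented), h(expected));
}

// Take client credentials from HTTP Basic auth, else from the form body.
function clientCredentials(headers, body) {
  const m = /^Basic\s+(.+)$/i.exec(headers.authorization || '');
  if (m) {
    const decoded = Buffer.from(m[1], 'base64').toString('utf8');
    const i = decoded.indexOf(':');
    if (i < 0) return { id: decoded, secret: undefined };
    return { id: decoded.slice(0, i), secret: decoded.slice(i + 1) };
  }
  return { id: body.client_id, secret: body.client_secret };
}

// Decide whether a grant_type=password request may go on to the
// resource owner's username/password check.
function authenticateClient(headers, body) {
  const { id, secret } = clientCredentials(headers, body);
  // hasOwnProperty keeps ids such as "__proto__" from matching anything.
  const known = Object.prototype.hasOwnProperty.call(CLIENTS, id || '');
  if (!known) return { ok: false, error: 'invalid_client' };
  const client = CLIENTS[id];
  if (client.type === 'confidential') {
    if (secret === undefined || !secretMatches(secret, client.secret)) {
      return { ok: false, error: 'invalid_client' };
    }
    return { ok: true, clientId: id, authenticated: true };
  }
  // Public client: identified only. The caller can use `authenticated`
  // to limit scope or token lifetime for such clients.
  return { ok: true, clientId: id, authenticated: false };
}
```

The `authenticated` flag lets the token endpoint treat tokens issued to secret-less clients differently from those issued to authenticated ones.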