Client Authentication via Basic Authorization, not body

Open gologo13 opened this issue 12 years ago • 2 comments

Hello.

The basic authorization is necessary to be supported when we do a client authentication. It is written this rfc 2.3.1 Client password.

Some OAuth2.0 implementation doesn't allow to include a client ID and client secret in the both of the body and the Authorization header. So, I did this pull request.

Feb 18 '13 18:02 gologo13

+1 It is useful in the case that BASIC authorization id and password cannot be written in POST body. (e.g I tried on http://developer.yahoo.co.jp/yconnect/) So, custom header interface is necessary, I think.

Feb 19 '13 02:02 Lewuathe

Please merge this. It works and it's useful : ) Thanks !

Aug 05 '16 09:08 sd65