codeigniter-oauth2-server icon indicating copy to clipboard operation
codeigniter-oauth2-server copied to clipboard
verified publisher icon grasses

Avoiding client id and client secret in password grant type

Open jitchavan opened this issue 7 years ago • 0 comments

Currently password credentials grant type required client id and client secret. can we skip this in password grant type flow as it is not required in our case?

curl -u testclient:testpass "http://oauth-server.example.com/oauth2/PasswordCredentials" -d 'grant_type=password&username=someuser&password=somepassword'
{"access_token":"206c80413b9a96c1312cc346b7d2517b84463edd","expires_in":3600,"token_type":"bearer","scope":null}

jitchavan avatar Jun 28 '18 07:06 jitchavan