You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oltu.apache.org by "Rikard Swahn (JIRA)" <ji...@apache.org> on 2015/09/14 11:36:45 UTC
[jira] [Comment Edited] (OLTU-163) GrantType password and Missing
parameters: client_secret
[ https://issues.apache.org/jira/browse/OLTU-163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14743241#comment-14743241 ]
Rikard Swahn edited comment on OLTU-163 at 9/14/15 9:36 AM:
------------------------------------------------------------
Yes, for clients that has credentials set, they should be enforced. But as I understand it, it is not required that clients have credentials set, and in that case, they are not required.
So I think the implementation has to validate credentials if they are present for the specific client.
was (Author: rikardswahn):
Yes, for client that has credentials set, they should be enforced. But as I understand it, it is not required that clients have credentials set, and in that case, they are not required.
> GrantType password and Missing parameters: client_secret
> --------------------------------------------------------
>
> Key: OLTU-163
> URL: https://issues.apache.org/jira/browse/OLTU-163
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-authzserver
> Affects Versions: oauth2-1.0.0
> Environment: JBOSS 8 (wildfly)
> JDK 1.7
> Reporter: alizarion
> Priority: Minor
>
> when i try to parse request with grant_type=password and there is no client_secret, OAuthTokenRequest throw Missing parameters.
> client_secret is not required for a GrantType password
> https://tools.ietf.org/html/rfc6749#section-4.3.2
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)