apigee / openbank

An Open Banking Reference Implementation with Apigee
https://apigee.github.io/openbank
Apache License 2.0

Client Credentials Grant Type should also support Basic Authentication. EDIT - handling missing Content-Type header #55

Closed seantdg closed 5 years ago

seantdg commented 7 years ago

Many PSPs will only support Basic Authentication for the Client Credentials grant type /token call, instead of a client assertion.

Could we support this too? Currently if I pass a normal /token request with client credentials, the refresh token policy is hit instead of an error.

rohan-m commented 7 years ago

@seantdg Both basic authentication and client assertion are supported. Currently if you pass basic auth, it should generate an access token and not produce an error. It looks like a policy in the flow is missed and the refresh token is hit directly in your scenario. Can you provide the error you are facing in more detail?

seantdg commented 7 years ago

My mistake! This occurs if the Content-Type header isn't set correctly. We should either assume a Content-Type of "application/x-www-form-urlencoded" if a Content-Type isn't set, or throw an error rather than assuming refresh token.
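
The failure mode described above, sketched as a fail-closed /token dispatcher. This is an added example, not part of the thread or the openbank code base. `routeTokenRequest`, its return shape and the sample credentials are assumptions, and client-assertion authentication is left out; the error codes are those of RFC 6749 section 5.2.

```javascript
// Hypothetical dispatcher: every unexpected input gets an explicit error,
// so nothing can fall through to the refresh-token branch by default.
const FORM = 'application/x-www-form-urlencoded';
const GRANTS = new Set(['client_credentials', 'refresh_token']);

function oauthError(status, error, description) {
  return { status, body: { error, error_description: description } };
}

// Decode "Authorization: Basic base64(id:secret)"; null if absent or malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  if (i <= 0) return null;
  return { clientId: decoded.slice(0, i), clientSecret: decoded.slice(i + 1) };
}

function routeTokenRequest(req) {
  const headers = {};
  for (const [k, v] of Object.entries(req.headers || {})) headers[k.toLowerCase()] = v;

  // Missing or wrong Content-Type: reject instead of guessing the body format.
  const mediaType = (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (mediaType !== FORM) {
    return oauthError(400, 'invalid_request', 'Content-Type must be ' + FORM);
  }
  const form = new URLSearchParams(req.body || '');
  const grants = form.getAll('grant_type');
  if (grants.length !== 1) {
    return oauthError(400, 'invalid_request', 'exactly one grant_type is required');
  }
  // No default branch: an unrecognised grant is an error, never a refresh.
  if (!GRANTS.has(grants[0])) {
    return oauthError(400, 'unsupported_grant_type', 'grant_type not supported');
  }
  const client = parseBasic(headers['authorization']);
  if (!client) return oauthError(401, 'invalid_client', 'Basic client authentication required');
  if (grants[0] === 'refresh_token' && !form.get('refresh_token')) {
    return oauthError(400, 'invalid_request', 'refresh_token is required');
  }
  return { status: 200, flow: grants[0], clientId: client.clientId };
}

// Constructed sample: valid Basic credentials but no Content-Type header.
const basic = 'Basic ' + Buffer.from('demo-client:demo-secret').toString('base64');
console.log(routeTokenRequest({ headers: { Authorization: basic }, body: 'grant_type=client_credentials' }));
```
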

laughingbiscuit commented 5 years ago

Closing as the project has been refactored and this bug issue no longer applies - please see https://github.com/apigee/openbank#previous-versions