authlib / example-oauth2-server

Example for OAuth 2 Server for Authlib.
https://authlib.org/

Token Endpoint Auth Method #67

Closed imanebosch closed 4 years ago

imanebosch commented 4 years ago

When selecting Token Endpoint Auth Method="none", a client secret is still issued. According to the documentation, none means that the client is public and has no secret.

Once the issue is solved,

Endpoint

@bp.route('/oauth/token', methods=['POST'])
def issue_token():
    return authorization.create_token_response()

does not work with grant password. But if I pass client_id within the body, it works. However, according to RFC 6749, the body should only contain grant_type, username, password and scope.

I might have missed something... Btw, should a public client have its own id?

lepture commented 4 years ago

I've fixed the bug. Thanks for your feedback.
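
The behaviour discussed in this thread, as an added example that is not part of the issue or of Authlib's code: a secret is issued only when the registered token endpoint auth method is not `none`, and a public client is identified at the token endpoint by `client_id` in the request body (RFC 6749 section 3.2.1 allows that parameter). The registry, client ids and function names are hypothetical, and Basic credentials are assumed not to need form-decoding.

```python
import base64
import hmac
import secrets

# Constructed in-memory registry; client ids and field names are hypothetical.
CLIENTS = {}

def register_client(client_id, token_endpoint_auth_method):
    """Issue a secret only for confidential clients; 'none' means public."""
    secret = None
    if token_endpoint_auth_method != "none":
        secret = secrets.token_urlsafe(32)
    CLIENTS[client_id] = {"method": token_endpoint_auth_method, "secret": secret}
    return CLIENTS[client_id]

def _presented_credentials(headers, form):
    """Return (method, client_id, secret) as presented in the token request."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            raw = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:  # covers bad base64 and bad UTF-8
            return None, None, None
        cid, _, sec = raw.partition(":")
        return "client_secret_basic", cid, sec
    if "client_secret" in form:
        return "client_secret_post", form.get("client_id"), form["client_secret"]
    if "client_id" in form:
        return "none", form["client_id"], None
    return None, None, None

def authenticate_client(headers, form):
    """Return client_id if the request matches the registered method, else None."""
    method, cid, sec = _presented_credentials(headers, form)
    client = CLIENTS.get(cid)
    if client is None or client["method"] != method:
        # Unknown client, or a method other than the registered one
        # (e.g. a confidential client sending only client_id).
        return None
    if method == "none":
        return cid  # public client: identified by client_id, no secret to check
    if hmac.compare_digest(sec.encode(), client["secret"].encode()):
        return cid
    return None
```
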