authlib / example-oauth2-server

Example for OAuth 2 Server for Authlib.
https://authlib.org/

Use client_secret_post as auth method #68

Closed TheStaticTurtle closed 4 years ago

TheStaticTurtle commented 4 years ago

Hey, I'm trying to use client_secret_post to auth and get my token:

    curl -XPOST xxxxxxxxxxxxxx -F grant_type=password -F username=test -F password=valid -F scope=profile -F client_id=xxxxxxxxx -F client_secret=xxxxxxxxx

It just returns {"error": "invalid_client"}. Any idea?

lepture commented 4 years ago

These are the default token endpoint auth methods:

    TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic']

You need to customize password grant with:

    TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic', 'client_secret_post']

TheStaticTurtle commented 4 years ago

You mean in the AuthorizationCodeGrant class? Because it already is, from the example I've got:

    TOKEN_ENDPOINT_AUTH_METHODS = [
        'client_secret_basic',
        'client_secret_post',
        'none',
    ]

lepture commented 4 years ago

You are using password grant, which means you need to customize the PasswordGrant class.
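
Added example (not part of the thread and not Authlib's implementation): a simplified stand-alone model of the per-grant check discussed above, showing why the same form-posted credentials pass for one grant class and return invalid_client for another. The grant class names and TOKEN_ENDPOINT_AUTH_METHODS come from the thread; CLIENTS, CustomPasswordGrant, presented_credentials and authenticate_client are hypothetical names, and the client values are constructed.

```python
import base64
import hmac

# Constructed sample registry: client_id -> client_secret ("" = public client).
CLIENTS = {"demo-client": "demo-secret"}

class BaseGrant:
    TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic"]  # default per the thread

class AuthorizationCodeGrant(BaseGrant):  # as quoted from the example
    TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post", "none"]

class PasswordGrant(BaseGrant):
    pass  # not customized: inherits the Basic-only default

class CustomPasswordGrant(PasswordGrant):  # the customization suggested above
    TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post"]

def presented_credentials(headers, form):
    """Return (method, client_id, client_secret) as presented by the request."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
            client_id, _, secret = decoded.partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            return None, None, None
        return "client_secret_basic", client_id, secret
    if "client_secret" in form:
        return "client_secret_post", form.get("client_id"), form["client_secret"]
    if "client_id" in form:
        return "none", form["client_id"], None
    return None, None, None

def authenticate_client(grant_cls, headers, form, clients=CLIENTS):
    """Return {'client_id': ...} on success, else the OAuth error body."""
    method, client_id, secret = presented_credentials(headers, form)
    error = {"error": "invalid_client"}
    # The method must be allowed for the grant type being requested.
    if method not in grant_cls.TOKEN_ENDPOINT_AUTH_METHODS:
        return error
    expected = clients.get(client_id)
    if expected is None:
        return error
    if method == "none":
        ok = expected == ""  # only clients registered without a secret
    else:
        ok = hmac.compare_digest(expected.encode(), secret.encode())
    return {"client_id": client_id} if ok else error
```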