bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

Client credentials grant type in Authorization header #925

Closed spiro-stathakis closed 6 years ago

spiro-stathakis commented 6 years ago

Hi there, I am trying to implement an OAuth server and using the guide to get client credentials working but there is a problem with the Authorization header.

When I use this method:

# using HTTP Basic Authentication
$ curl -u testclient:testpass https://api.mysite.com/token -d 'grant_type=client_credentials'

I receive the following error:

{"error":"invalid_client","error_description":"Client credentials were not found in the headers or body"}

This method works as expected:

# using POST Body
$ curl https://api.mysite.com/token -d 'grant_type=client_credentials&client_id=testclient&client_secret=testpass'

I receive this output:

{"access_token":"5063edca8be2a480049d397c5efb22cedfba93cf","expires_in":3600,"token_type":"Bearer","scope":null}

Does handleTokenRequest($request,$response) require additional config? This is how it is currently working:

$request = OAuth2\Request::createFromGlobals();
$server->handleTokenRequest($request)->send();

spiro-stathakis commented 6 years ago

I had to add this to my Apache virtualhost directive as the server globals PHP_AUTH_USER and PHP_AUTH_PW were not accessible.

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
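
The following is an added example, not part of the thread and not code from oauth2-server-php: a diagnostic helper showing the places in a `$_SERVER`-style array where HTTP Basic client credentials can arrive, depending on whether the web server passes the Authorization header through. The function name `basicClientCredentials` and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example (not oauth2-server-php code). Resolves HTTP Basic client
// credentials from a $_SERVER-style array, covering the cases where the
// web server does not populate PHP_AUTH_USER / PHP_AUTH_PW.

/**
 * @param array $server A $_SERVER-style array.
 * @return array|null Keys: client_id, client_secret, source; null if absent or malformed.
 */
function basicClientCredentials(array $server): ?array
{
    // Case 1: PHP parsed the header itself and filled the auth globals.
    if (isset($server['PHP_AUTH_USER'])) {
        return [
            'client_id'     => $server['PHP_AUTH_USER'],
            'client_secret' => $server['PHP_AUTH_PW'] ?? '',
            'source'        => 'PHP_AUTH_USER',
        ];
    }

    // Case 2: the raw header was passed through as an environment variable,
    // e.g. by the SetEnvIf directive above; rewrites may add a REDIRECT_ prefix.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (empty($server[$key]) || stripos($server[$key], 'Basic ') !== 0) {
            continue;
        }
        // Strict mode rejects characters outside the base64 alphabet.
        $decoded = base64_decode(trim(substr($server[$key], 6)), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null; // malformed header: fail closed
        }
        // Split on the first colon only; the secret may itself contain ':'.
        [$id, $secret] = explode(':', $decoded, 2);
        return ['client_id' => $id, 'client_secret' => $secret, 'source' => $key];
    }

    return null; // the header never reached PHP
}

// Constructed sample input: what PHP sees once the header is passed through.
$sample = ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('testclient:testpass')];
$creds  = basicClientCredentials($sample);
echo $creds['source'], ' -> ', $creds['client_id'], PHP_EOL;

// Constructed sample input: no pass-through, so no credentials are found.
var_dump(basicClientCredentials(['REQUEST_METHOD' => 'POST']));
```

Calling it with the real `$_SERVER` on the token endpoint shows which of the three keys, if any, carries the credentials; avoid writing the returned secret to logs.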