In TokenGenerator, when handling a request for access tokens, one parameter (client_secret) is being pulled from the POST data, while others are being pulled from the GET data.
I think it would be simpler for both the provider and consumers to extract all data from POST, as is shown in the rfc example.
In TokenGenerator, when handling a request for access tokens, one parameter (client_secret) is being pulled from the POST data, while others are being pulled from the GET data.
I think it would be simpler for both the provider and consumers to extract all data from POST, as is shown in the rfc example.