The client_credentials grant_type fails due to the access_token being incorrectly referenced.
As an important aside, I wouldn't pull this into any version just yet. As implemented, the client_credentials grant_type is a security mess and should never be implemented as it is here. As is noted here:
http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.4

> The client credentials grant type MUST only be used by confidential clients.

This is highly important, as this basically allows a client to self-authorize. There are situations where this can be a good thing, but they are pretty rare.
Some thought will likely be needed to decide an appropriate way to protect this version token grant_type; in my case I will be using a custom client model and a flag, but that may not be suitable for all cases.
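
One way to enforce the restriction described above, as an added example that is not code from this pull request or the project. The `Client` model, the `allow_client_credentials` flag, the sample registry and the `token_request` function are all assumptions made for illustration; the error codes are the ones the OAuth 2.0 specification defines for the token endpoint.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Client:  # hypothetical client model, not the project's own
    client_id: str
    secret_hash: Optional[str]  # None means a public client with no credential
    allow_client_credentials: bool = False  # per-client opt-in flag (assumption)


def _hash(secret: str) -> str:
    # Sample only: client secrets are assumed to be random, high-entropy values.
    return hashlib.sha256(secret.encode()).hexdigest()


# Constructed sample registry.
CLIENTS = {
    "batch-job": Client("batch-job", _hash("s3cret-batch"), True),
    "web-app": Client("web-app", _hash("s3cret-web"), False),
    "mobile-app": Client("mobile-app", None, False),
}


def token_request(grant_type, client_id, client_secret):
    """Return (http_status, body) for a token endpoint request."""
    if grant_type != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    client = CLIENTS.get(client_id)
    confidential = client is not None and client.secret_hash is not None
    # Compare against a throwaway hash for unknown or public clients so every
    # path performs the same constant-time comparison.
    expected = client.secret_hash if confidential else _hash(secrets.token_hex(16))
    authenticated = hmac.compare_digest(_hash(client_secret or ""), expected)
    if not confidential or not authenticated:
        # Public clients cannot authenticate, so they never reach this grant.
        return 401, {"error": "invalid_client"}
    if not client.allow_client_credentials:
        # Authenticated, but this client was never opted in to self-authorize.
        return 400, {"error": "unauthorized_client"}
    token = secrets.token_urlsafe(32)
    return 200, {"access_token": token, "token_type": "bearer"}
```

The flag defaults to off, so a newly registered confidential client cannot self-authorize until someone opts it in.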