Open testphys opened 6 years ago
Hi @testphys, from my limited understanding, I'd say that the authorize endpoint, for using the implicit flow, is about showing the user a web page for authorizing the client app. In my case, I'm automatically authenticating users using REMOTE_USER, but the webpage is still shown to users so they can decide wether or not authorize the client app.
Since there is no documentation for using the implicit grant flow, I am having a hard time figuring out what the actual request should look like.
curl -X GET -d "username=<username>&password=<password>&clientid=<client_id>&redirect_uri=<redirect_uri>&response_type=token http://0.0.0.0:8000/o/authorize/
From looking into the code the user has to already be authenticated. Isn't it possible to pass the user credentials with the actual request?
Furthermore, the body of the GET request seems to get lost.
I would appreciate a little help to get my head around it.