search

postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com
5.82k stars 839 forks source link

OAuth 2.0 - Client credentials #9771

Open martinskalicky opened 3 years ago

martinskalicky commented 3 years ago

Error: Client credentials should only be provided once. Remove them from either the 'Authorization' header or the body.

Steps to Reproduce 1) Create new request 2) Go to Authorization 3) Set OAuth 2.0 4) Fill all fields u need 5) Hit "Get new Access Token" 6) Go on webpage, authorize, wait for callback back to Postman 7) Error: Client credentials should only be provided once. Remove them from either the 'Authorization' header or the body.

Settings: Header Prefix Basic

Token Name test_oauth Grant Type: Authorization Code (With PKCE) Callback URL: XXXXX Authorize using browser (YES) Auth URL: XXXXX Access Token URL: XXXXX Client ID: XXXXX Client Secret: XXXXX Code Challenge Method: SHA 256 Code Verifier: Automatically generated if left blank

Scope XXX State XXX

Environment Information

Additional Context client_id is present in the request body, that is the problem, I do have set "client Authentication" to "send as basic auth header" but client id is present in request body anyway

giridharvc7 commented 1 year ago

@martinskalicky can you confirm if you still face this issue? Also, are you signed in or do you use the scratchpad?

Possible duplicate of #8731

martinskalicky commented 1 year ago

I will get back to you on this one soon.