Open alanmcg opened 3 years ago
I could use OAuth2 «Resource Owner Password Credentials Grant» flow (with username and password) with blackbox 0.20.0 using the following config:

```yaml
oauth2:
  client_id: "my_client_app"
  client_secret: "my_client_app_secret"
  scopes:
    - "scope"
  token_url: "https://www.example.com/auth/token"
  endpoint_params:
    grant_type: "password"
    username: "test@example.com"
    password: "password"
```

I tested this on a private OAuth2 server, not sure it will work with others :sweat_smile:
I believe those are sent as URL parameters, not in the body, so doesn't solve the problem unfortunately
I also want to use this kind of «Resource Owner Password Credentials Grant» flow, but putting "secrets" into the configuration is not a good idea. For client_secret there is the possibility to use "client_secret_file" instead.
But for "password", is there some way to do it the same way? Like a "password_file" reference.
The oauth2 implementation doesn't seem to support anything other than just client_id and client_secret. I have a system which requires client_id and client_secret plus a username and password to be sent in the body of the request to authenticate.
Is it possible to add the ability to specify the body of the request in the oauth2 implementation?
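
Whether the password-grant fields travel in the URL or in the form body can be checked against a local stand-in token endpoint. The following is an added example, not code from this thread or from blackbox_exporter; `probe`, `Check`, `Seen` and the sample credentials are constructed, and the client inside `Check` is a standard-library stand-in for whatever client is being tested.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Seen records where each credential field of a token request arrived.
type Seen struct{ InQuery, InBody []string }
var fields = []string{"grant_type", "username", "password", "client_id", "client_secret"}

// probe is a stand-in token endpoint that fills s for every request it gets.
func probe(s *Seen) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		q := r.URL.Query()
		r.ParseForm() // r.PostForm now holds body fields only
		for _, f := range fields {
			if q.Get(f) != "" {
				s.InQuery = append(s.InQuery, f)
			}
			if r.PostForm.Get(f) != "" {
				s.InBody = append(s.InBody, f)
			}
		}
		fmt.Fprint(w, `{"access_token":"constructed","token_type":"Bearer"}`)
	})
}

// Check sends one constructed password-grant request; inBody=false uses the URL instead.
func Check(inBody bool) (s Seen, err error) {
	srv := httptest.NewServer(probe(&s))
	v := url.Values{"grant_type": {"password"}, "username": {"test@example.com"}, "password": {"password"}}
	target, form := srv.URL+"/auth/token", v
	if !inBody {
		target, form = target+"?"+v.Encode(), url.Values{}
	}
	resp, err := http.PostForm(target, form)
	if err == nil {
		resp.Body.Close()
	}
	srv.Close() // waits for the handler, so s is complete
	return s, err
}

func main() {
	fmt.Println(Check(true))
	fmt.Println(Check(false))
}
```

Fields reported under `InQuery` are the ones that would also end up in proxy and access logs, since request URLs are commonly logged while form bodies usually are not.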