The currently supported OAuth2 client credentials grant includes the client_id and the client_secret in the body of the request. Some APIs require that the client_id and client_secret are sent using the HTTP Basic Authentication scheme. This PR adds a new client credentials request that supports the basic authentication method instead of the request body method.
The request only adds new files and should not cause any backwards compatibility issues.
The new GetClientCredentialsTokenBasicAuthRequest was copied from the existing GetClientCredentialsTokenRequest. The defaultBody() method was updated to remove the client_id/client_secret from the body, and the defaultAuth() method was added to implement the basic authentication.
The new ClientCredentialsBasicAuthGrant trait uses the existing ClientCredentialsGrant trait, and just redefines the resolveAccessTokenRequest() method to use the new request file.
A new test was added to ensure the request body and Authentication header are as expected.
RFC reference: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
Implementation Notes:
- GetClientCredentialsTokenBasicAuthRequest was copied from the existing GetClientCredentialsTokenRequest. The defaultBody() method was updated to remove the client_id/client_secret from the body, and the defaultAuth() method was added to implement the basic authentication.
- ClientCredentialsBasicAuthGrant trait uses the existing ClientCredentialsGrant trait, and just redefines the resolveAccessTokenRequest() method to use the new request file.
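
The two credential placements this PR distinguishes, shown at the HTTP level as an added example in plain PHP 8 with no HTTP library (it is not code from the PR or the project). The function names and sample credentials are constructed for illustration; the encoding follows RFC 6749 section 2.3.1, which form-urlencodes each credential before the Basic encoding.

```php
<?php
declare(strict_types=1);

// RFC 6749 section 2.3.1: client_id and client_secret are each encoded with
// the application/x-www-form-urlencoded algorithm (urlencode() in PHP),
// then joined with ":" and base64-encoded.
function basicAuthHeader(string $clientId, string $clientSecret): string
{
    return 'Basic ' . base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret));
}

// Server-side view: reverse the steps to recover the credential pair.
function decodeBasicAuthHeader(string $header): array
{
    $decoded = base64_decode(substr($header, strlen('Basic ')), true);
    if ($decoded === false || !str_contains($decoded, ':')) {
        throw new InvalidArgumentException('Malformed Basic credentials');
    }
    [$id, $secret] = explode(':', $decoded, 2);
    return [urldecode($id), urldecode($secret)];
}

// Token request with the credentials in the body (request body method).
function bodyMethodRequest(string $clientId, string $clientSecret): array
{
    $fields = ['grant_type' => 'client_credentials', 'client_id' => $clientId, 'client_secret' => $clientSecret];
    return ['headers' => [], 'body' => http_build_query($fields)];
}

// Token request with the credentials in the Authorization header only.
function basicAuthMethodRequest(string $clientId, string $clientSecret): array
{
    return [
        'headers' => ['Authorization' => basicAuthHeader($clientId, $clientSecret)],
        'body' => http_build_query(['grant_type' => 'client_credentials']),
    ];
}

// Constructed sample credentials; the secret contains ":" and "+" on purpose.
$request = basicAuthMethodRequest('my-client', 'p@ss:word+1');
parse_str($request['body'], $fields);
if (isset($fields['client_id']) || isset($fields['client_secret'])) {
    throw new RuntimeException('credentials leaked into the body');
}
if (decodeBasicAuthHeader($request['headers']['Authorization']) !== ['my-client', 'p@ss:word+1']) {
    throw new RuntimeException('credentials did not round-trip');
}
echo $request['headers']['Authorization'], "\n", $request['body'], "\n";
echo bodyMethodRequest('my-client', 'p@ss:word+1')['body'], "\n";
```

Secrets containing reserved characters such as ":" or "+" are the case worth testing against a real token endpoint, since the percent-encoding step is what keeps the ":" separator unambiguous.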