I am trying to obtain access token according to Section 4.3.2 Of OAuth 2.0 RFC.
When I send client_id and client_secret together with username and password everything works fine. But I need to obtain the access token without sending client_id and client_secret as my client is not confidential, say. Here is the HTTP flow between client and authorization server.
I am trying to obtain access token according to Section 4.3.2 Of OAuth 2.0 RFC.
When I send client_id and client_secret together with username and password everything works fine. But I need to obtain the access token without sending client_id and client_secret as my client is not confidential, say. Here is the HTTP flow between client and authorization server.
POST http://localhost:3000/oauth2/token HTTP/1.1 User-Agent: Fiddler Host: localhost:3000 Content-Type: application/x-www-form-urlencoded Content-Length: 59
grant_type=password&username=john@example.com&password=test
The server responds with 400 Bad request
HTTP/1.1 400 Bad Request Content-Type: application/json Content-Length: 71 X-Ua-Compatible: IE=Edge X-Runtime: 0.009000 Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22) Date: Thu, 04 Apr 2013 11:56:27 GMT Connection: Keep-Alive
{"error":"invalid_request","error_description":"'client_id' required."}
How can I force the server not to bother about client's credentials?