Thread: Oauth2 Client Credentials grant type: client secret not sent from client

  1. #1
    Join Date
    Feb 2013
    Posts
    2

    Oauth2 Client Credentials grant type: client secret not sent from client

    Hi,

    When using the client credentials grant type (<oauth:resource> config on the client side), I don't see where the client secret is being sent to the OAuth server. Checking out the oauth2 code, I can find this:

    ClientCredentialsAccessTokenProvider.java (getParametersForTokenRequest private method)

    <code>
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.set("grant_type", "client_credentials");
    form.set("client_id", resource.getClientId());

    if (resource.isScoped()) { ... }
    </code>

    but nothing about the client_secret, am I looking at the right place?

    Thanks,

    David Sosa

  2. #2
    Join Date
    Jun 2005
    Posts
    4,232

    Try looking at DefaultClientAuthenticationHandler.authenticateTokenRequest(). It's called from the base class of the token provider.
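
Added example, not part of the thread and not Spring Security OAuth code: RFC 6749 section 2.3.1 lets a client authenticate to the token endpoint either with an HTTP Basic `Authorization` header or with `client_secret` in the form body, so a form like the one quoted in #1 can be complete without the secret. The class name, helper names and sample credentials below are made up for the illustration; it needs Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class ClientCredentialsRequestDemo {

    // application/x-www-form-urlencoded encoding of a single value.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // RFC 6749 section 2.3.1: form-encode the id and the secret first, join them
    // with ':', then Base64 the pair. Skipping the form-encoding step breaks
    // authentication for secrets that contain ':', '+', '/' or non-ASCII characters.
    static String basicAuthHeader(String clientId, String clientSecret) {
        String pair = enc(clientId) + ":" + enc(clientSecret);
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Serialise the form parameters as the POST body of the token request.
    static String formBody(Map<String, String> form) {
        return form.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        String clientId = "demo-client";        // constructed sample value
        String clientSecret = "s3cr3t:/+value"; // constructed sample value

        // Same form as the snippet in post #1: no client_secret parameter.
        Map<String, String> form = new LinkedHashMap<>();
        form.put("grant_type", "client_credentials");
        form.put("client_id", clientId);

        // Scheme 1: the secret travels in the Authorization header only.
        System.out.println("Authorization: " + basicAuthHeader(clientId, clientSecret));
        System.out.println(formBody(form));

        // Scheme 2: no Authorization header; the secret is a form parameter.
        form.put("client_secret", clientSecret);
        System.out.println(formBody(form));
    }
}
```

With either scheme the secret is sent on every token request, so the token endpoint must only be reached over TLS, and request logging on both sides should exclude the `Authorization` header and the `client_secret` parameter.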
