Oauth2 Client Credentials grant type: client secret not sent from client

  • Oauth2 Client Credentials grant type: client secret not sent from client

    Hi,

    When using the client credentials grant type (<oauth:resource> config on the client side), I don't see where the client secret is being sent to the OAuth server. Checking out the oauth2 code, I can find this:

    ClientCredentialsAccessTokenProvider.java (getParametersForTokenRequest private method)

    <code>
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.set("grant_type", "client_credentials");
    form.set("client_id", resource.getClientId());

    if (resource.isScoped()) { ... }
    </code>

    but nothing about the client_secret, am I looking at the right place?

    Thanks,

    David Sosa

  • #2
    Try looking at DefaultClientAuthenticationHandler.authenticateTokenRequest(). It's called from the base class of the token provider.

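As an added illustration of what the thread is asking about (not code from the original posts or from Spring Security OAuth): the two places RFC 6749 section 2.3.1 lets a client send its secret on a token request, either in an HTTP Basic `Authorization` header or as a `client_secret` form parameter. The class, record and method names and the sample credentials are assumptions made up for this sketch; it uses only the JDK (Java 16+).

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class ClientCredentialsRequestDemo {

    // Hypothetical stand-in for the HTTP request the token provider ends up sending.
    record TokenRequest(Map<String, String> headers, Map<String, String> form) {
        String body() {
            return form.entrySet().stream()
                    .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                    .collect(Collectors.joining("&"));
        }
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Builds the request; useBasicHeader selects where the secret travels.
    static TokenRequest build(String clientId, String clientSecret, boolean useBasicHeader) {
        Map<String, String> headers = new LinkedHashMap<>();
        Map<String, String> form = new LinkedHashMap<>();
        // Same two parameters the snippet quoted in the first post sets.
        form.put("grant_type", "client_credentials");
        form.put("client_id", clientId);
        if (useBasicHeader) {
            // RFC 6749 2.3.1: form-encode id and secret, join with ':', then Base64.
            String pair = enc(clientId) + ":" + enc(clientSecret);
            headers.put("Authorization", "Basic "
                    + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
        } else {
            // Alternative: the secret rides in the POST body next to client_id.
            form.put("client_secret", clientSecret);
        }
        return new TokenRequest(headers, form);
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not real values.
        for (boolean header : new boolean[] {true, false}) {
            TokenRequest r = build("demo-client", "s3cr3t:demo", header);
            System.out.println((header ? "header" : "form") + " scheme");
            System.out.println("  headers: " + r.headers());
            System.out.println("  body:    " + r.body());
        }
    }
}
```

With the header scheme the form body carries no `client_secret` at all, which is why inspecting only the form parameters makes it look as if the secret is never sent. Either way the secret is on the wire, so request logging on both ends should redact the `Authorization` header and the `client_secret` parameter.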