Hello world, I'm new to OAuth2 and the Oltu project. I have been digging and hacking in the project sources for a week.
I'm trying to implement the password grant type flow, and I'm surprised to see that I need to provide client_id and client_secret for this type of authorization flow. It seems it's due to the boolean enforceClientAuthentication in PasswordValidator.java. However, the OAuth 2 spec (http://tools.ietf.org/html/rfc6749#section-4.3) states that only the username, password and grant_type are required. Why does Oltu force you to add the client authentication when using the password flow? Am I missing something?

Cheers,
Mathieu.