Dear Oltu community,

I'm trying to implement an OAuth provider with the possibility of using grant_type=password as specified here[1].

I've searched the Amber mailing list and apparently someone else had exactly the same problem[2]. The problem is that even if the RFC says that I can request a token simply by sending something like

    /oauth/token?grant_type=password&username=foo&password=bar&client_id=myClient

when I try to build an OAuthTokenRequest

    OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);

I get an exception as follows (missing client_secret):

    OAuthProblemException{error='invalid_request', description='Missing parameters: client_secret', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}

which doesn't really make sense to me, since client_secret is not required for this grant_type.

Then I looked at the integration tests[3], and it seems you're adding client_secret to password granted requests. What am I doing wrong? Is it possible that Oltu is slightly misaligned with the RFC, or am I totally misusing it?

Thank you in advance guys,

Davide

[1] http://tools.ietf.org/html/rfc6749#page-37 paragraph 4.3.1
[2] http://markmail.org/message/n573w5nwrnqp3zod
[3] https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenPasswordCredentialsTest.java

-- 
Davide Palmisano
http://davidepalmisano.com
http://twitter.com/dpalmisano
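
The parameter rule of RFC 6749 section 4.3.2 that the message refers to, as an added example that is not part of the original message and is not Oltu code: grant_type, username and password are always required, while client credentials are required only from a confidential client. The class name, the two boolean flags and the sample body are assumptions made for illustration; Java 10 or later is assumed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example (hypothetical class, not part of Oltu): the parameter rules of
// RFC 6749 section 4.3.2 for grant_type=password.
public class PasswordGrantCheck {

    // Parse an application/x-www-form-urlencoded request body into a map.
    static Map<String, String> parseForm(String body) {
        Map<String, String> form = new HashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            String value = kv.length > 1 ? kv[1] : "";
            form.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                     URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return form;
    }

    // Names of the parameters the RFC requires but the request lacks.
    // confidentialClient: the client was issued credentials at registration.
    // basicAuthPresent: credentials arrived in an Authorization: Basic header.
    static List<String> missing(Map<String, String> form,
                                boolean confidentialClient, boolean basicAuthPresent) {
        List<String> out = new ArrayList<>();
        for (String p : new String[] {"grant_type", "username", "password"}) {
            if (form.getOrDefault(p, "").isEmpty()) out.add(p);
        }
        // Client authentication is demanded only from confidential clients;
        // body parameters are the alternative to HTTP Basic (section 2.3.1).
        if (confidentialClient && !basicAuthPresent) {
            for (String p : new String[] {"client_id", "client_secret"}) {
                if (form.getOrDefault(p, "").isEmpty()) out.add(p);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample body, same parameters as in the message above.
        Map<String, String> form = parseForm(
            "grant_type=password&username=foo&password=bar&client_id=myClient");
        System.out.println("public client:       " + missing(form, false, false));
        System.out.println("confidential client: " + missing(form, true, false));
        System.out.println("confidential, Basic: " + missing(form, true, true));
    }
}
```

Only the second call reports client_secret as missing: a validator that demands it unconditionally treats every client as confidential.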