thanks a lot Davide this would be awesome!!

regards
antonio

On Aug 7, 2014, at 11:37 AM, Davide Palmisano <dpalmis...@gmail.com> wrote:

> Dear Stein,
>
> thank you very much for your prompt response. It worked perfectly and it now
> makes sense.
>
> Since this seems to be a problem that every new user who approaches Oltu
> (and OAuth providers in general) experiences, I can write a wiki page on the
> Oltu Confluence if you like.
>
> many thanks,
>
> Davide
>
>
> On Wed, Aug 6, 2014 at 10:13 PM, Stein Welberg <st...@onegini.com> wrote:
> Hi Davide,
>
> Please have a look at the OAuthUnauthenticatedTokenRequest. This should
> support the request that you want. In this class a client secret is not
> required.
>
> The reason for making the client secret required in the OAuthTokenRequest
> (the default) is to have sensible (secure) defaults, and enforcing client
> authentication is recommended in the OAuth spec :-).
>
> Hope this helps!
>
> Met vriendelijke groet / Kind regards,
>
> Stein Welberg | CTO
>
> M: +31639110574 | st...@onegini.com | Pompmolenlaan 9, 3447 GK, Woerden |
> www.onegini.com
>
> Visit www.onegini.me to create your own Onegini digital identity today!
>
> On 6 aug. 2014, at 18:32, Davide Palmisano <dpalmis...@gmail.com> wrote:
>
>> Dear Oltu community,
>>
>> I'm trying to implement an OAuth provider with the possibility of using
>> grant_type=password as specified here[1].
>>
>> I've searched the amber mailing list and apparently someone else had exactly
>> the same problem[2].
>>
>> Problem is that even if the RFC says that I can request a token simply
>> sending something like
>>
>> /oauth/token?grant_type=password&username=foo&password=bar&client_id=myClient
>>
>> when I try to build an OAuthTokenRequest
>>
>> OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
>>
>> I get an Exception as follows (missing client_secret):
>>
>> OAuthProblemException{error='invalid_request', description='Missing
>> parameters: client_secret', uri='null', state='null', scope='null',
>> redirectUri='null', responseStatus=0, parameters={}}
>>
>> which doesn't really make sense to me, since client_secret is not required
>> for this grant_type.
>>
>> Then I looked at the integration tests[3], and it seems you're adding
>> client_secret to password granted requests.
>>
>> What am I doing wrong? Is it possible that Oltu is slightly misaligned with
>> the RFC or I'm totally misusing it?
>>
>> thank you in advance guys,
>>
>> Davide
>>
>> [1] http://tools.ietf.org/html/rfc6749#page-37 paragraph 4.3.1
>> [2] http://markmail.org/message/n573w5nwrnqp3zod
>> [3] https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenPasswordCredentialsTest.java
>>
>> --
>> Davide Palmisano
>>
>> http://davidepalmisano.com
>> http://twitter.com/dpalmisano
>
> --
> Davide Palmisano
>
> http://davidepalmisano.com
> http://twitter.com/dpalmisano