I'm using Oauth2 php library. I've followed the docs here and here This is what I have so far:
Everything works.
The only thing that doesn't make sense to me is that I have to pass again the client id & client secret when doing the user authorization (grant_type:'password') otherwise wise it doesn't work.
{"error":"invalid_client","error_description":"Client credentials were not found in the headers or body"}
My understanding was that since I obtained first a client token, I wouldn't have to identify the client again. I've tried passing the token instead of client id & client password for user auth but no go. What's the proper grant type combination for what I'm trying to do ?
A (single) client is either public
, ie it has no client_secret
associated with it, or confidential
ie it uses a client_secret
to identify itself. It cannot be both at the same time. What you could do is register a second client with a different client_id
as a public client, so it won't have to use a client_secret
to identify itself to the Authorization Server. You could then use that second client_id
from your (single) client app in the second part of the desired flow.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.