Nginx 401 with PHP cURL

Question

In order to get an oAuth2 token, I must connect to a REST API at this URL: https://abcd/api/oauth/v1/token by sending base64_encode(api_client_id:api_secret) . Note that moreover, the access to https://abcd/api/oauth/v1/token is protected by a htpwd.

So my request, written in PHP, is:

$base64_encoded_client_id_and_secret = base64_encode('api_client_id:api_secret');
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, 'https://abcd/api/oauth/v1/token');
curl_setopt($curl_session, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'Authorization: Basic ' . $base64_encoded_client_id_and_secret]);
curl_setopt($curl_session, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($curl_session, CURLOPT_USERPWD, "htpwd_user:htpwd_pwd");
curl_setopt($curl_session, CURLOPT_POST, true);
curl_setopt($curl_session, CURLOPT_POSTFIELDS, [
    'grant_type' => 'password',
    'username'  =>  'api_user',
    'password'  =>  'api_pwd'
    ]);
$ret = json_decode(curl_exec($curl_session));

However the Nginx server returns the error 401. What could I do to fix this bug?

I have tested different values instead of CURLAUTH_DIGEST ; none worked.

Is it a CROOS Origin problem?

Answer 1

The following solution is not a good one even if it works (read the following). The problem was solved by removing the htpasswd security step for an arbitrary period of time (equal to the sum of my test and development time). Be careful if you do this, because Google could possibly index the website from a moment belonging to this time interval.

I didn't try to separate the field values with a comma as proposed by @AngelDeykov in a comment (not in an answer).