Yun Zhi Lin created SHINDIG-1976:
------------------------------------
Summary: Shindig must use "POST" method to make access token
request with client credential grant type
Key: SHINDIG-1976
URL: https://issues.apache.org/jira/browse/SHINDIG-1976
Project: Shindig
Issue Type: Bug
Components: Java
Affects Versions: 2.5.0
Reporter: Yun Zhi Lin

Shindig supports two OAuth grant types, Auth Code and Client credentials. For
client credentials, it sends a "GET" request to the token endpoint. This is
incorrect. According to http://tools.ietf.org/html/rfc6749#section-3.2, the
client MUST use the HTTP "POST" method when making access token
requests. Also, http://tools.ietf.org/html/rfc6749#section-4.4.2 shows the
client credentials grant type needs to send a POST request to the token endpoint.

The shindig_client_credentials gadget is not set to use the correct grant type in
oauth2.json. The grant type is set to code. From the name, this gadget is used
to test client credentials, so the grant type should be changed to
client_credentials.
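The request shape that RFC 6749 sections 3.2 and 4.4.2 call for, together with a check that flags the GET form described in this issue. This is an added example, not Shindig code; the function names, the endpoint `as.example.test` and the client values are constructed for illustration.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs, quote_plus
from urllib.request import Request

# Parameters that belong in the request body, never in the request URI.
TOKEN_PARAMS = {"grant_type", "client_id", "client_secret", "scope"}

def build_token_request(token_url, client_id, client_secret, scope=None):
    """Build (without sending) a client-credentials token request."""
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    # RFC 6749 section 2.3.1: form-encode id and secret before Basic encoding.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode("ascii")).decode("ascii")
    return Request(
        token_url,
        data=urlencode(form).encode("ascii"),  # parameters travel in the body
        method="POST",                         # section 3.2: MUST use POST
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )

def token_request_problems(req):
    """Return the RFC 6749 conformance problems found in a token request."""
    problems = []
    if req.get_method() != "POST":
        problems.append(f"method is {req.get_method()}, section 3.2 requires POST")
    # Anything in the query string ends up in proxy and server access logs.
    query = parse_qs(urlsplit(req.full_url).query)
    leaked = sorted(TOKEN_PARAMS.intersection(query))
    if leaked:
        problems.append("token parameters in request URI: " + ", ".join(leaked))
    body = parse_qs((req.data or b"").decode("ascii"))
    if body.get("grant_type") != ["client_credentials"]:
        problems.append("body lacks grant_type=client_credentials")
    return problems

if __name__ == "__main__":
    # Constructed sample: the GET form of the request described in the issue.
    legacy = Request("https://as.example.test/token?grant_type=client_credentials"
                     "&client_id=gadget&client_secret=s3cret")
    for problem in token_request_problems(legacy):
        print("legacy GET:", problem)
    fixed = build_token_request("https://as.example.test/token", "gadget", "s3cret")
    print("fixed POST problems:", token_request_problems(fixed))
```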