[ https://issues.apache.org/jira/browse/SHINDIG-1976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Baxter resolved SHINDIG-1976.
----------------------------------
Resolution: Fixed
Fix Version/s: 2.5.2
Committed revision 1594233
> Shindig must use "POST" method to make access token request with client
> credential grant type
> ---------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1976
> URL: https://issues.apache.org/jira/browse/SHINDIG-1976
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Yun Zhi Lin
> Labels: OAuth2
> Fix For: 2.5.2
>
>
> Shindig supports two OAuth grant types, Auth Code and Client credentials. For
> client credentials, it sends a "GET" request to the token endpoint. This is
> incorrect. According to http://tools.ietf.org/html/rfc6749#section-3.2, the
> client MUST use the HTTP "POST" method when making access token
> requests. Also, http://tools.ietf.org/html/rfc6749#section-4.4.2 shows
> the client credentials grant type needs to send a POST request to the token
> endpoint.
> The shindig_client_credentials gadget is not set to use the correct grant type in
> oauth2.json. The grant type is set to code. From the name, this gadget is
> used to test client credentials, so the grant type should be changed to
> client_credentials.
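A check for the RFC 6749 rule cited in the issue, as an added example that is not Shindig's code or the committed fix: it builds a client-credentials token request as a POST with a form-encoded body and validates a request against sections 2.3.1, 3.2 and 4.4.2. The endpoint URL, client id, secret and both sample requests are constructed for illustration, and the function names are hypothetical.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit
from urllib.request import Request

FORM = "application/x-www-form-urlencoded"

def build_token_request(token_url, client_id, client_secret, scope=None):
    """Build (without sending) a client-credentials token request, RFC 6749 4.4.2."""
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    # RFC 6749 2.3.1: form-encode id and secret, then send them as Basic credentials.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {"Content-Type": FORM,
               "Authorization": "Basic " + base64.b64encode(pair).decode()}
    return Request(token_url, data=urlencode(params).encode(),
                   headers=headers, method="POST")

def check_token_request(method, url, headers, body):
    """Return the RFC 6749 violations found in one token request."""
    problems = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if method.upper() != "POST":
        problems.append("method is not POST (section 3.2)")
    if "client_secret" in parse_qs(urlsplit(url).query):
        problems.append("client_secret in request URI (section 2.3.1)")
    if hdrs.get("content-type", "").split(";")[0].strip().lower() != FORM:
        problems.append("body is not form-urlencoded (section 4.4.2)")
    form = parse_qs((body or b"").decode())
    if form.get("grant_type") != ["client_credentials"]:
        problems.append("grant_type=client_credentials not in body (section 4.4.2)")
    has_basic = hdrs.get("authorization", "").lower().startswith("basic ")
    if not has_basic and not ("client_id" in form and "client_secret" in form):
        problems.append("no client authentication (section 2.3.1)")
    return problems

# Constructed samples: a GET with everything in the query string, then the POST form.
TOKEN_URL = "https://as.example.test/token"  # hypothetical endpoint
bad = check_token_request(
    "GET",
    TOKEN_URL + "?grant_type=client_credentials&client_id=c1&client_secret=s3cret",
    {}, None)
req = build_token_request(TOKEN_URL, "c1", "s3cret")
good = check_token_request(req.get_method(), req.full_url,
                           dict(req.header_items()), req.data)
```

Parameters sent in a query string typically end up in proxy and server access logs, which is why the check treats a `client_secret` in the request URI as its own finding rather than folding it into the method check.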