Please sign in to comment.
Add client authentication (xAuth) for trusted clients (#28).
This adds an optional `client_auth` event that is emitted whenever an access token request is made with grant_type=password. It is meant to be used only for client-side applications that can be trusted to handle a user's credentials directly. For example, this will generate an access token in one shot: $ curl -XPOST "http://1:1secret@localhost:8081/oauth/access_token" \ -d "grant_type=password&username=guest&password=leet" In addition, access token requests may now include client_id and client_secret as the username and password, respectively, in the HTTP Authorization header using Basic authentication.
- Loading branch information...
Showing with 96 additions and 20 deletions.