Skip to content

Client Authentication via Basic Authorization, not body #126

wants to merge 1 commit into from

2 participants



The basic authorization is necessary to be supported when we do a client authentication.
It is written this rfc 2.3.1 Client password.

Some OAuth2.0 implementation doesn't allow to include a client ID and client secret in the both of the body and the Authorization header.
So, I did this pull request.


It is useful in the case that BASIC authorization id and password cannot be written in POST body.
(e.g I tried on
So, custom header interface is necessary, I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.