password grant_type does not work

[crystalneth]

Password grant_type is both a token and an authorization method, but it's managed by the token controller which does not run the authorization step. Therefore it does not authorize the user with the provided username and password.

[kennuzzo]

I have the same issue as well, i get a token with curl but is not usable

[wedtm]

I have found that you have to pass both the client_id and client_secret when doing a password grant.

[jagthedrummer]

Is this still an issue? I just looked into #382, which is related, and I think that it's possible to do the password credentials flow without client_id or client_secret. I saw that there's already a test for issuing a token without the client credentials, so I tried to write test for using the token that's issued.

https://github.com/jagthedrummer/doorkeeper/blob/jeremy/issue-382-password-grant/spec/requests/flows/password_spec.rb#L52-L61

The test passes using the issued token, but it fails with any other token. Let me know if I'm missing something there.

[tute]

Closing after comment from @jagthedrummer (thank you!) and in #382. If it continues to be a problem, please provide reproducible steps and we'll address!