Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When using authorization header for client_credentials grant type in OAuth2, credentials are also sent in body #109

Closed
nizmow opened this issue Aug 12, 2013 · 1 comment
Closed

When using authorization header for client_credentials grant type in OAuth2, credentials are also sent in body #109

nizmow opened this issue Aug 12, 2013 · 1 comment

Comments

@nizmow
Copy link

nizmow commented Aug 12, 2013

As in the title, the client credentials get sent both in the "Authorization" header, AND in the body of the request. This upsets some authorisation servers (notably for me, servers using the DotNetOpenAuth library). DNOA claims that the OAuth2 spec disallows it, but I can't find the relevant section (perhaps an earlier draft).
@nizmow
Copy link
Author

nizmow commented Mar 3, 2020

Obviously not much will come of this. :)

@nizmow nizmow closed this as completed Mar 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nizmow