When OpenAM works as an OAuth 2.0 client, client authentication to the token endpoint is done by client_secret_post.
However, according to RFC 6979 section 2.3.1, it seems that client_secret_basic should be used rather than client_secret_post.
Including the client credentials in the request-body using the two
parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
to directly utilize the HTTP Basic authentication scheme (or other
password-based HTTP authentication schemes).
Solution
Add an option to use client_secret_basic for client authentication in the OAuth 2.0 authentication module.
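For reference, the two client authentication methods compared in this issue, as they appear on the wire for an authorization-code token request. This is an added example, not part of the original issue and not OpenAM code; the function names, client id, secret, code and redirect URI are hypothetical, constructed values.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode


def token_request(method, client_id, client_secret, code, redirect_uri):
    """Build (headers, body) for an authorization-code token request."""
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_post":
        # Credentials travel in the request body next to the grant parameters,
        # so anything that records request bodies also records the secret.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    elif method == "client_secret_basic":
        # OAuth 2.0, section 2.3.1: form-urlencode the id and the secret first,
        # then join them with ":" and base64-encode. Skipping the urlencode
        # step breaks secrets that contain ":" or "%".
        userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    else:
        raise ValueError(f"unsupported client authentication method: {method}")
    return headers, urlencode(params)


def decode_basic(header_value):
    """Server-side inverse: recover (client_id, client_secret) from the header."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, sep, password = base64.b64decode(b64).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(user), unquote_plus(password)


if __name__ == "__main__":
    # Constructed sample values; the secret contains ':' '%' '+' on purpose.
    args = ("openam-rp", "p@ss:w%rd+1", "SplxlOBeZQQYbYS6WxSbIA",
            "https://rp.example.com/cb")
    for m in ("client_secret_post", "client_secret_basic"):
        print(m, *token_request(m, *args), sep="\n  ")
```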