Create Access Token without grant #28
Comments
Yes, this is sometimes known as xAuth, whereby you exchange credentials for a long-lived access token.
ghost assigned ammmir Jan 22, 2013
ammmir added a commit that referenced this issue Jan 22, 2013
This adds an optional `client_auth` event that is emitted whenever an access token request is made with grant_type=password. It is meant to be used only for client-side applications that can be trusted to handle a user's credentials directly. For example, this will generate an access token in one shot:

    $ curl -XPOST "http://1:1secret@localhost:8081/oauth/access_token" \
        -d "grant_type=password&username=guest&password=leet"

In addition, access token requests may now include client_id and client_secret as the username and password, respectively, in the HTTP Authorization header using Basic authentication.
@ArcoMul can you test this out and let me know if it works for you?
Yes, this works fine for me :-) And apparently I was talking about xAuth, yes. Thanks for the right term.
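An added example, not code from this project or its commit: a server-side check for the one-shot request shown in the commit message above, reading the client credentials from the Basic `Authorization` header and accepting `grant_type=password` only from clients marked as trusted. The `CLIENTS` registry, the `trustedForPasswordGrant` flag and the helper names are hypothetical, the sample values are constructed, and the error codes follow RFC 6749.

```javascript
// Added example: validates a password-grant token request (hypothetical helper names).
const crypto = require("node:crypto");

// Constructed registry: only first-party clients may exchange user credentials for a token.
const CLIENTS = new Map([
  ["1", { secret: "1secret", trustedForPasswordGrant: true }],
  ["2", { secret: "2secret", trustedForPasswordGrant: false }],
]);

// Compare SHA-256 digests so inputs have equal length and the check runs in constant time.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash("sha256").update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Extract client_id and client_secret from "Authorization: Basic base64(id:secret)".
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":");
  return i < 0 ? null : { id: decoded.slice(0, i), secret: decoded.slice(i + 1) };
}

// headers: lower-cased header map; body: form-encoded string;
// checkUser(username, password) -> boolean is supplied by the application.
function checkTokenRequest(headers, body, checkUser) {
  const client = parseBasic(headers.authorization);
  if (!client) return { status: 401, error: "invalid_client" };
  const known = CLIENTS.get(client.id);
  // Run the comparison even for unknown ids so both failures take the same path.
  const secretOk = safeEqual(client.secret, known ? known.secret : "");
  if (!known || !secretOk) return { status: 401, error: "invalid_client" };

  const form = new URLSearchParams(body);
  if (form.get("grant_type") !== "password")
    return { status: 400, error: "unsupported_grant_type" };
  // A valid secret is not enough: the client must be allowed to handle user passwords.
  if (!known.trustedForPasswordGrant)
    return { status: 400, error: "unauthorized_client" };
  const username = form.get("username"), password = form.get("password");
  if (!username || !password) return { status: 400, error: "invalid_request" };
  if (!checkUser(username, password)) return { status: 400, error: "invalid_grant" };
  return { status: 200, clientId: client.id, username }; // caller issues the token
}
```
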
Hello,
I'm not an OAuth (2) expert, so I may be completely wrong.
When using your module I encountered the situation that I wanted to return an access token without first getting the permission of the user.
So by sending the client secret + username + password I immediately return an access token since it is a trusted client.
Is it an idea to add this option to the module?