Shindig / SHINDIG-1976

Shindig must use "POST" method to make access token request with client credential grant type


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.5.0
    • 2.5.2
    • Java

    Description

      Shindig supports two OAuth grant types, Auth Code and Client credentials. For client credentials, it sends a "GET" request to the token endpoint. This is incorrect. According to http://tools.ietf.org/html/rfc6749#section-3.2, the client MUST use the HTTP "POST" method when making access token requests. Also, http://tools.ietf.org/html/rfc6749#section-4.4.2 shows the client credentials grant type needs to send a POST request to the token endpoint.

      The shindig_client_credentials gadget is not set to use the correct grant type in oauth2.json. The grant type is set to code. From the name, this gadget is used to test client credentials, so the grant type should be changed to client_credentials.
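As an added illustration (not Shindig's code and not part of the original report), this Java 11+ example builds the RFC 6749 section 4.4.2 token request as a POST and checks a request's shape, flagging a non-POST method or OAuth parameters left in the request URI. The class and method names, the as.example endpoint, the client values and the placement of parameters in the sample GET request are assumptions constructed for the example.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

public class ClientCredentialsTokenRequest {
    // OAuth parameters that belong in the request body or Authorization header, never in the URI.
    static final Set<String> BODY_ONLY = Set.of("grant_type", "client_id", "client_secret");

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // RFC 6749 section 4.4.2 request: POST, form-encoded body, HTTP Basic client authentication.
    static HttpRequest build(URI tokenEndpoint, String clientId, String clientSecret) {
        String basic = Base64.getEncoder().encodeToString(
                (enc(clientId) + ":" + enc(clientSecret)).getBytes(StandardCharsets.UTF_8));
        return HttpRequest.newBuilder(tokenEndpoint)
                .header("Authorization", "Basic " + basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("grant_type=client_credentials"))
                .build();
    }

    // Returns null if the request shape is acceptable, otherwise the reason to reject it.
    static String violation(HttpRequest req) {
        if (!"POST".equals(req.method())) {
            return "method is " + req.method() + ", RFC 6749 section 3.2 requires POST";
        }
        String query = req.uri().getRawQuery();
        if (query != null) {
            for (String pair : query.split("&")) {
                String name = pair.split("=", 2)[0];
                if (BODY_ONLY.contains(name)) {
                    return "'" + name + "' is in the request URI instead of the body";
                }
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values; as.example is a placeholder authorization server.
        URI endpoint = URI.create("https://as.example/oauth2/token");
        HttpRequest post = build(endpoint, "demo-client", "demo-secret");
        HttpRequest get = HttpRequest.newBuilder(
                URI.create(endpoint + "?grant_type=client_credentials&client_id=demo-client")).GET().build();
        System.out.println("POST request: " + violation(post));
        System.out.println("GET request:  " + violation(get));
    }
}
```

Keeping the grant parameters in the body and the credentials in the Authorization header also keeps them out of URLs, which commonly end up in server and proxy access logs.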

          People

            Unassigned
            linyunz Yun Zhi Lin