fix wso2/api-manager#2261

YasasRangika · Nov 16, 2023 · 84f1849 · 84f1849
1 parent 1cfcab5
commit 84f1849
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/...eway/src/main/java/org/wso2/carbon/apimgt/gateway/mediators/oauth/client/OAuthClient.java b/...eway/src/main/java/org/wso2/carbon/apimgt/gateway/mediators/oauth/client/OAuthClient.java
@@ -82,11 +82,13 @@ public static TokenResponse generateToken(String url, String clientId, String cl
             // Set authorization header
             httpPost.setHeader(APIConstants.OAuthConstants.AUTHORIZATION_HEADER, "Basic " + credentials);
             httpPost.setHeader(APIConstants.HEADER_CONTENT_TYPE, APIConstants.OAuthConstants.APPLICATION_X_WWW_FORM_URLENCODED);
-            if (refreshToken != null) {
+            if (APIConstants.OAuthConstants.CLIENT_CREDENTIALS.equals(grantType)) {
+                // As per the RFC 6749, a refresh token should not be included in token response for client credentials grant type.
+                refreshToken = null;
+                payload.append(APIConstants.OAuthConstants.CLIENT_CRED_GRANT_TYPE);
+            } else if (refreshToken != null) {
                 payload.append(APIConstants.OAuthConstants.REFRESH_TOKEN_GRANT_TYPE)
                         .append("&refresh_token=").append(refreshToken);
-            } else if (APIConstants.OAuthConstants.CLIENT_CREDENTIALS.equals(grantType)) {
-                payload.append(APIConstants.OAuthConstants.CLIENT_CRED_GRANT_TYPE);
             } else if (APIConstants.OAuthConstants.PASSWORD.equals(grantType)) {
                 payload.append(APIConstants.OAuthConstants.PASSWORD_GRANT_TYPE + "&username=")
                         .append(URLEncoder.encode(username, APIConstants.DigestAuthConstants.CHARSET)).append("&password=")