Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

password grant_type requires secret? #35

Open
tj opened this issue Jul 29, 2013 · 1 comment
Open

password grant_type requires secret? #35

tj opened this issue Jul 29, 2013 · 1 comment

Comments

@tj
Copy link

tj commented Jul 29, 2013

it should be optional so you can have things like command-line tools that are user-accessible but wont expose a secret
@hillct
Copy link

hillct commented Nov 10, 2013

I was just now looking at the oauth2-provider implementation of the password flow and it seems like the client is meant to be authenticated, prior or during the password auth flow as described here:

http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.3

Checking notes actually explain the calling convention which seems consistent with the oauth2 draft. 074f9a8
It would be useful to add the calling URL example to the docs though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tj @hillct