I'm using Oauth2 php library. I've followed the docs here and here This is what I have so far:
- a client application requests a token using client id & client secret to the client_credential end point
- a token is returned to the client app with a basic scope
- a user logs in from the client app
- the client application requests a new token using user id & user password to the user_credential end point
- the client app receive a new token with the new scope of the user
Everything works.
The only thing that doesn't make sense to me is that I have to pass again the client id & client secret when doing the user authorization (grant_type:'password') otherwise wise it doesn't work.
{"error":"invalid_client","error_description":"Client credentials were not found in the headers or body"}
My understanding was that since I obtained first a client token, I wouldn't have to identify the client again. I've tried passing the token instead of client id & client password for user auth but no go. What's the proper grant type combination for what I'm trying to do ?