douqi2804 2015-05-18 15:07
浏览 80


I'm using Oauth2 php library. I've followed the docs here and here This is what I have so far:

  • a client application requests a token using client id & client secret to the client_credential end point
  • a token is returned to the client app with a basic scope
  • a user logs in from the client app
  • the client application requests a new token using user id & user password to the user_credential end point
  • the client app receive a new token with the new scope of the user

Everything works.

The only thing that doesn't make sense to me is that I have to pass again the client id & client secret when doing the user authorization (grant_type:'password') otherwise wise it doesn't work.

{"error":"invalid_client","error_description":"Client credentials were not found in the headers or body"}

My understanding was that since I obtained first a client token, I wouldn't have to identify the client again. I've tried passing the token instead of client id & client password for user auth but no go. What's the proper grant type combination for what I'm trying to do ?

  • 写回答

1条回答 默认 最新

  • dongxi1965 2015-05-18 15:27

    A (single) client is either public, i.e. it has no client_secret associated with it, or confidential i.e. it uses a client_secret to identify itself. It cannot be both at the same time. What you could do is register a second client with a different client_id as a public client, so it won't have to use a client_secret to identify itself to the Authorization Server. You could then use that second client_id from your (single) client app in the second part of the desired flow.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥40 通过编制程序计算圆管内层流充分发展对流换热,参数如图5-4,以及公式5-16所示,要求用表5-6对程序计算准确性进行验证
  • ¥20 该学习哪个编程语言? AI会取代程序员吗?
  • ¥15 ensp如何拼通IP地址
  • ¥15 saber软件导入Ibis模型报错
  • ¥15 商城生产日期批次库存问题
  • ¥15 esp8266控制共阳极wrgb灯板无法关闭所有led灯
  • ¥100 python读取速度问题
  • ¥15 stm32f407使用DMA问题
  • ¥15 您好 这个API接口该怎么弄 网站搭建好了 API也有 现在就不知道该怎么填写API 不知道怎么用
  • ¥88 用uniapp写一个多端的程序,用到高德地图,用高德的JSAPI吗?