hienqle asked

Token endpoint support for client_id in body

The Swagger-Codegen clients for Java (using retrofit, retrofit2, feign) use Apache Oltu to simplify exchange of Client Credentials for an Access Token:

```java
ApiClient apiClient = new ApiClient("Client Credentials");
apiClient.getTokenEndPoint()
    .setClientId("ID")
    .setClientSecret("SECRET")
    .setRedirectURI("REDIRECT");
ItemApi service = apiClient.createService(ItemApi.class);
service.getItem("ID", null);
```

Unfortunately, these requests fail as Oltu sends client credentials in the request-body rather than as an Authorization Header. The eBay server is compliant with [RFC 6749 Section 2.3.1][1]:

> authorization server MAY support including the client credentials in the request-body... using the two parameters is NOT RECOMMENDED and SHOULD be limited to clients unable to directly utilize the HTTP Basic authentication scheme

but is there any chance of making this less restrictive so that the Swagger Codegen tooling works out of the box?

[1]: https://tools.ietf.org/html/rfc6749#section-2.3.1