How to implement Oauth2 without sending client_secret in WSO2 APIM

巧了我就是萌 submitted on 2020-01-25 02:47:26

Question


I want to get access token without submitting Base64(client_id:client_secret) in the request.

I just want to submit the client_id and username and password (Password Grant Type): public password grant type

It's called public scheme by IBM. Please quickly skim through this link. What I like is to never send the client_secret in an access token request. The image below illustrates it (still IBM).

The problem is that WSO2 APIM requests to obtain access token ALWAYS include the Base64(client_id:client_secret) parameter. I would like to be able to send only the following cURL to get an access token

I would like to be able to send the following cURL to get the access token


Answer 1:


1) Go to /carbon and list down the Service Providers.

2) Edit the relevant Service Provider corresponding to your Application.

3) Open Inbound Configuration > OAuth Configuration.

4) Edit the OAuth app.

5) Tick Allow authentication without the client secret.

6) Try above curl.
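
The two request shapes discussed in this thread, as an added example that is not part of the original question or answer: a confidential client sends Base64(client_id:client_secret) in a Basic header, while a public client only identifies itself with `client_id` in the form body and is not authenticated by it. The `token_request` helper, the `DRY_RUN` switch, the default token endpoint URL and all credential values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. TOKEN_URL is an assumed endpoint; override it for your gateway.
TOKEN_URL="${TOKEN_URL:-https://localhost:8243/token}"

# token_request MODE CLIENT_ID CLIENT_SECRET USERNAME PASSWORD  (hypothetical helper)
#   confidential: client authenticates with Authorization: Basic base64(id:secret)
#   public:       client only identifies itself with client_id in the form body
# With DRY_RUN=1 the curl arguments are printed one per line instead of sent.
token_request() {
    mode=$1 client_id=$2 client_secret=$3 username=$4 password=$5

    # Common password-grant parameters; curl URL-encodes each value.
    set -- --silent --show-error \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=$username" \
        --data-urlencode "password=$password"

    case $mode in
        confidential)
            # --user makes curl build the Basic header from id:secret.
            set -- "$@" --user "$client_id:$client_secret" ;;
        public)
            # No Authorization header and no secret anywhere in the request.
            set -- "$@" --data-urlencode "client_id=$client_id" ;;
        *)
            echo "unknown mode: $mode" >&2
            return 2 ;;
    esac

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        # Arguments are visible in the process list; fine for a lab, not for real passwords.
        curl "$@" "$TOKEN_URL"
    fi
}

# Constructed sample values:
# DRY_RUN=1 token_request public EXAMPLE_CLIENT_ID "" alice 'example-password'
```

If the public form is rejected with an invalid-client error, the OAuth app is still configured to require the secret.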



Source: https://stackoverflow.com/questions/58818711/how-to-implement-oauth2-without-sending-client-secret-in-wso2-apim
