问题
This curls works fine
curl acme:acmesecret@localhost:9999/uaa/oauth/token -d "password=password&username=user&grant_type=password" -H "Accept: application/json"
In this curl, acme and acmesecret are client credentials used by application to authenticate with authorization server running in localhost:9999
I am trying to make the same request using postman (rest client for chrome).
Here is the screen shot (I entered credentials in Basic Auth tab)
Here is the preview of the request that is sent out: (NOTE: AUthorization basic header is added)
I am getting error as "invalid_client". how to fix this?
Thanks
回答1:
cURL
acme:acmesecret@localhost:9999/uaa/oauth/token
The acme:acmesecret is the HTTP client credentials sent in the basic auth header. You can add the -v switch to see the headers in the request.
-d "password=password&username=user&grant_type=password"
This is the form data.
In the Postman request, you have it switched around. You have the client credentials in the form data, and I'm guessing you have the user credentials in the auth header.
Just switch them. For an OAuth 2.0 password grant request, the client credentials should go in the auth header, while the user credentials go in the form data.
回答2:
I found this piece of information to be quite helpful from the Postman docs incase others needed more clarification.
Postman > Sending API Requests > Authorization
https://learning.getpostman.com/docs/postman/sending_api_requests/authorization/
来源:https://stackoverflow.com/questions/32276825/how-to-pass-client-credentials-in-postman