FOSOAuthServerBundle needs client_secret even when the grant_type is password


I'm building an API where I want to use password as the grant_type. I set it up using FOSOAuthServerBundle.

I tried to get a token without first providing the client_secret, and it says invalid client.

Then I included client_secret, and now it's working. I think OAuth2 states that the password grant_type should not include client_secret in the request.

Note:

I used both GET and POST methods, but still with no luck.

Thanks!

1 answer

kunicmarko20

This is a problem I also encountered, but that is how they made the bundle.

You can read more in this issue; there are also some solutions there: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/115

One of the solutions is to create a Client that will have only the password grant type, or to overwrite some of the functions that do the checking.

I do not know if these are the best solutions.

Also, you can check https://github.com/lexik/LexikJWTAuthenticationBundle