I'm building an API where I want to use password as grant_type. I set it up using FOSOAuthServerBundle.
I tried to get a token without first providing the client_secret and it says "invalid client".
Then I included client_secret, and now it's working. I think OAuth2 states that password grant_type should not include client_secret in the request.
Note:
I used both GET and POST methods, but still with no luck.
Thanks!
This has been a problem I also encountered, but that is how they made the bundle.
You can read more in this issue, there are also some solutions there: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/115
One of the solutions is to create a Client that will have only password grant type or to overwrite some functions that do checking.
I do not know if these are the best solutions.
Also, you can check https://github.com/lexik/LexikJWTAuthenticationBundle