如何在 WSO2 APIM 中不发送 client_secret 实现 Oauth2 [英] How to implement Oauth2 without sending client_secret in WSO2 APIM
问题描述
我想在请求中不提交 Base64(client_id:client_secret) 的情况下获取访问令牌.
我只想提交client_id和用户名和密码(密码授予类型):public密码授予类型
问题在于获取访问令牌的 WSO2 APIM 请求始终包含 Base64(client_id:client_secret) 参数.我希望能够仅发送以下 cURL 来获取访问令牌
我希望能够发送以下 cURL 来获取访问令牌
1) 转到 /carbon
并列出 Service Providers
.
2) 编辑与您的 Application
相对应的相关服务提供商.
3) 打开Inbound Configuration
> OAuth Configuraton
.
4) 编辑 OAoth 应用程序.
5) 勾选Allow authentication without the client secret
.
6) 尝试上面的卷曲.
I want to get access token without submiting Base64(client_id:client_secret) in the request.
I just want to submit the client_id and username and password (Password Grant Type) : public passoword grant type
It's called public scheme by IBM. Please quiclky skim through this likn. What I like is to never send the client_secret in an access token request. The image below illustrate it (still IBM).
The problem is that WSO2 APIM requests to obtain access token ALWAYS include the Base64(client_id:client_secret) parameter. I would like to be able to send only the following cURL to get an access token
I would like to be able to send the following cURL to get the access token
1) Go to /carbon
and list down the Service Providers
.
2) Edit the relevant Service Provider corresponding to your Application
.
3) Open Inbound Configuration
> OAuth Configuraton
.
4) Edit the OAoth app.
5) Tick Allow authentication without the client secret
.
6) Try above curl.
这篇关于如何在 WSO2 APIM 中不发送 client_secret 实现 Oauth2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!