如何在 WSO2 APIM 中不发送 client_secret 实现 Oauth2 [英] How to implement Oauth2 without sending client_secret in WSO2 APIM

问题描述

我想在请求中不提交 Base64(client_id:client_secret) 的情况下获取访问令牌.

我只想提交client_id和用户名和密码(密码授予类型):public密码授予类型

问题在于获取访问令牌的 WSO2 APIM 请求始终包含 Base64(client_id:client_secret) 参数.我希望能够仅发送以下 cURL 来获取访问令牌

我希望能够发送以下 cURL 来获取访问令牌

解决方案

1) 转到 /carbon 并列出 Service Providers.

2) 编辑与您的 Application 相对应的相关服务提供商.

3) 打开Inbound Configuration > OAuth Configuraton.

4) 编辑 OAoth 应用程序.

5) 勾选Allow authentication without the client secret.

6) 尝试上面的卷曲.

I want to get access token without submiting Base64(client_id:client_secret) in the request.

I just want to submit the client_id and username and password (Password Grant Type) : public passoword grant type

It's called public scheme by IBM. Please quiclky skim through this likn. What I like is to never send the client_secret in an access token request. The image below illustrate it (still IBM).

The problem is that WSO2 APIM requests to obtain access token ALWAYS include the Base64(client_id:client_secret) parameter. I would like to be able to send only the following cURL to get an access token

I would like to be able to send the following cURL to get the access token

解决方案

1) Go to /carbon and list down the Service Providers.

2) Edit the relevant Service Provider corresponding to your Application.

3) Open Inbound Configuration > OAuth Configuraton.

4) Edit the OAoth app.

5) Tick Allow authentication without the client secret.

6) Try above curl.

这篇关于如何在 WSO2 APIM 中不发送 client_secret 实现 Oauth2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！