如何在 WSO2 APIM 中实现 Oauth2 而不发送 client_secret [英] How to implement Oauth2 without sending client_secret in WSO2 APIM
问题描述
我想在请求中不提交 Base64(client_id:client_secret) 的情况下获取访问令牌.
我只想提交client_id和用户名和密码(Password Grant Type):publicpassoword grant type
它被
问题在于 WSO2 APIM 请求获取访问令牌总是包含 Base64(client_id:client_secret) 参数.我希望能够仅发送以下 cURL 以获取访问令牌
我希望能够发送以下 cURL 以获取访问令牌
1) 转到/carbon
并列出Service Providers
.
2) 编辑您的Application
对应的相关Service Provider.
3) 打开Inbound Configuration
> OAuth Configuraton
.
4) 编辑 OAoth 应用程序.
5) 勾选允许没有客户端密码的身份验证
.
6) 试试上面的 curl.
I want to get access token without submiting Base64(client_id:client_secret) in the request.
I just want to submit the client_id and username and password (Password Grant Type) : public passoword grant type
It's called public scheme by IBM. Please quiclky skim through this likn. What I like is to never send the client_secret in an access token request. The image below illustrate it (still IBM).
The problem is that WSO2 APIM requests to obtain access token ALWAYS include the Base64(client_id:client_secret) parameter. I would like to be able to send only the following cURL to get an access token
I would like to be able to send the following cURL to get the access token
1) Go to /carbon
and list down the Service Providers
.
2) Edit the relevant Service Provider corresponding to your Application
.
3) Open Inbound Configuration
> OAuth Configuraton
.
4) Edit the OAoth app.
5) Tick Allow authentication without the client secret
.
6) Try above curl.
这篇关于如何在 WSO2 APIM 中实现 Oauth2 而不发送 client_secret的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!