如何在 WSO2 APIM 中实现 Oauth2 而不发送 client_secret [英] How to implement Oauth2 without sending client_secret in WSO2 APIM

问题描述

我想在请求中不提交 Base64(client_id:client_secret) 的情况下获取访问令牌.

我只想提交client_id和用户名和密码(Password Grant Type):publicpassoword grant type

它被

问题在于 WSO2 APIM 请求获取访问令牌总是包含 Base64(client_id:client_secret) 参数.我希望能够仅发送以下 cURL 以获取访问令牌

我希望能够发送以下 cURL 以获取访问令牌

解决方案

1) 转到/carbon 并列出Service Providers.

2) 编辑您的Application对应的相关Service Provider.

3) 打开Inbound Configuration > OAuth Configuraton.

4) 编辑 OAoth 应用程序.

5) 勾选允许没有客户端密码的身份验证.

6) 试试上面的 curl.

I want to get access token without submiting Base64(client_id:client_secret) in the request.

I just want to submit the client_id and username and password (Password Grant Type) : public passoword grant type

It's called public scheme by IBM. Please quiclky skim through this likn. What I like is to never send the client_secret in an access token request. The image below illustrate it (still IBM).

The problem is that WSO2 APIM requests to obtain access token ALWAYS include the Base64(client_id:client_secret) parameter. I would like to be able to send only the following cURL to get an access token

I would like to be able to send the following cURL to get the access token

解决方案

1) Go to /carbon and list down the Service Providers.

2) Edit the relevant Service Provider corresponding to your Application.

3) Open Inbound Configuration > OAuth Configuraton.

4) Edit the OAoth app.

5) Tick Allow authentication without the client secret.

6) Try above curl.

这篇关于如何在 WSO2 APIM 中实现 Oauth2 而不发送 client_secret的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！