julien-c/laravel-oauth2-server

Client Credentials plus User Credentials

DreamAmbitious opened this issue · 1 comments

Implementing oauth2 based on "http://bshaffer.github.io/oauth2-server-php-docs/cookbook/". The test client passes the user credentials in order to get the access token. Is that not a major security hole?

curl -u testclient:testpass http://localhost/oauth/token -d 'grant_type=password&username=bshaffer&password=brent123'

I don't think so, why would it? Thoughts @bshaffer?

PS: of course, you'd want to be talking to a HTTPS server.