client ID and client secret sections are mandatory for Oauth2 secured endpoint feature (password grant)
selakap opened this issue · 1 comments
selakap commented
Describe your problem(s)
In back end authentication the client ID and the client secret sections are mandatory for the feature [1] in wso2 apim 3.2.0. But the client authentication is optional for token generation as per the spec [2].
Therefore, need to consider client ID and client secret as optional values.
- https://apim.docs.wso2.com/en/3.2.0/learn/design-api/endpoints/endpoint-security/oauth-2.0/
- https://datatracker.ietf.org/doc/html/rfc6749#section-4.3.2
Describe your solution
Consider client ID and client secret as optional values.
prasa7 commented
Master fix :wso2/carbon-apimgt#11788