You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed both clients are set as Confidential, which according to the OAuth spec would require the server to authenticate the client making the request.
This is only the case for the resource owner credential grant, the refresh token grant does accept a client secret. Why is this?
Thanks for this sample, it has helped me tremendously!
The text was updated successfully, but these errors were encountered:
I noticed both clients are set as Confidential, which according to the OAuth spec would require the server to authenticate the client making the request.
This is only the case for the resource owner credential grant, the refresh token grant does accept a client secret. Why is this?
Thanks for this sample, it has helped me tremendously!
The text was updated successfully, but these errors were encountered: