How to implement Oauth2 without sending client_secret in WSO2 APIM

1
votes

I want to get access token without submiting Base64(client_id:client_secret) in the request.

I just want to submit the client_id and username and password (Password Grant Type) : public passoword grant type

It's called public scheme by IBM. Please quiclky skim through this likn. What I like is to never send the client_secret in an access token request. The image below illustrate it (still IBM).

enter image description here

The problem is that WSO2 APIM requests to obtain access token ALWAYS include the Base64(client_id:client_secret) parameter. I would like to be able to send only the following cURL to get an access token

enter image description here I would like to be able to send the following cURL to get the access token

enter image description here

1
oauth-2.0wso2apim

1 Answers

1
votes

1) Go to /carbon and list down the Service Providers.

2) Edit the relevant Service Provider corresponding to your Application.

3) Open Inbound Configuration > OAuth Configuraton.

4) Edit the OAoth app.

5) Tick Allow authentication without the client secret.

6) Try above curl.

enter image description here