
Add client credentials grant with basic auth

Open patrickcarlohickman opened this issue 1 year ago • 0 comments

The currently supported OAuth2 client credentials grant includes the client_id and the client_secret in the body of the request. Some APIs require that the client_id and client_secret are sent using the HTTP Basic Authentication scheme. This PR adds a new client credentials request that supports the basic authentication method instead of the request body method.

The request only adds new files and should not cause any backwards compatibility issues.

RFC reference: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1

Implementation Notes:

  • The new GetClientCredentialsTokenBasicAuthRequest was copied from the existing GetClientCredentialsTokenRequest. The defaultBody() method was updated to remove the client_id/client_secret from the body, and the defaultAuth() method was added to implement the basic authentication.
  • The new ClientCredentialsBasicAuthGrant trait uses the existing ClientCredentialsGrant trait, and just redefines the resolveAccessTokenRequest() method to use the new request file.
  • A new test was added to ensure the request body and Authentication header are as expected.

patrickcarlohickman · May 31 '24 19:05
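The two client authentication methods the PR contrasts, worked through at the protocol level as an added example; this is not Saloon's code or the PR's, and it depends on no Saloon API. RFC 6749 §2.3.1 requires that a token endpoint support HTTP Basic for confidential clients and says that including the secret in the request body is NOT RECOMMENDED; it also requires that `client_id` and `client_secret` each be `application/x-www-form-urlencoded`-encoded before they are joined with `:` and base64-encoded, and §2.3 forbids using more than one authentication method in a single request. The client id, secret and token URL below are constructed sample values.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed sample values for the example; not real credentials.
CLIENT_ID = "my-app"
CLIENT_SECRET = "p@ss word/1"          # deliberately contains chars that need form-encoding
TOKEN_URL = "https://auth.example.test/oauth/token"   # hypothetical token endpoint


def body_auth_request(client_id, client_secret, scope=""):
    """Grant request with client_id/client_secret in the POST body.

    This is the form the existing GetClientCredentialsTokenRequest sends; RFC 6749
    §2.3.1 permits it but labels it NOT RECOMMENDED."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if scope:
        form["scope"] = scope
    return {"method": "POST", "url": TOKEN_URL,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}


def basic_auth_userpass(client_id, client_secret):
    """RFC 6749 §2.3.1: form-urlencode each credential *before* building the
    Basic user-pass string. This also neutralises a ':' inside the client id,
    which would otherwise be ambiguous in the Basic scheme (RFC 7617)."""
    return f"{quote_plus(client_id)}:{quote_plus(client_secret)}"


def basic_auth_header(client_id, client_secret):
    """Authorization header value: 'Basic ' + base64(user-pass)."""
    user_pass = basic_auth_userpass(client_id, client_secret).encode("ascii")
    return "Basic " + base64.b64encode(user_pass).decode("ascii")


def basic_auth_request(client_id, client_secret, scope=""):
    """Grant request authenticated with HTTP Basic; the body carries only the
    grant type (and optional scope), never the secret."""
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    return {"method": "POST", "url": TOKEN_URL,
            "headers": {"Authorization": basic_auth_header(client_id, client_secret),
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}


def uses_single_auth_method(request):
    """RFC 6749 §2.3: a client MUST NOT use more than one authentication method
    per request. True when exactly one of {Authorization header, client_secret
    in body} is present; a server should answer 'invalid_request' otherwise."""
    has_header = "Authorization" in request["headers"]
    has_body_secret = "client_secret" in parse_qs(request["body"])
    return has_header != has_body_secret


def decode_basic_header(value):
    """Token-endpoint side: reverse the encoding to recover (client_id, client_secret)."""
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(encoded).decode("ascii").partition(":")
    return unquote_plus(user), unquote_plus(password)


if __name__ == "__main__":
    req = basic_auth_request(CLIENT_ID, CLIENT_SECRET, scope="read")
    print(req["headers"]["Authorization"])
    print(req["body"])
    print(decode_basic_header(req["headers"]["Authorization"]))
```

Note that `quote_plus` is what makes the round trip exact: without it a secret containing `@`, `/` or a space would still base64-decode, but the server's `parse_qs`-style decoding of the user-pass string would yield a different secret and the client would be rejected. The `uses_single_auth_method` check is the server-side counterpart of the PR's `defaultBody()` change: once the secret moves to the header it must also be removed from the body, or the request is invalid under §2.3.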