According to http://tools.ietf.org/html/rfc6749#section-2.3.1:

> Clients in possession of a client password MAY use the HTTP Basic
> authentication scheme as defined in [RFC2617] to authenticate with
> the authorization server
> [...]
> client_secret
> REQUIRED. The client secret. The client MAY omit the
> parameter if the client secret is an empty string.

The API already works like this; the patch just removes the #required flag in the form and adds a test to make sure that it does. Put it into the storage tests as that already had id/secret tests; a test with an actual HTTP request wouldn't hurt either...
| Comment | File | Size | Author |
|---|---|---|---|
| | client-secret-not-required.patch | 2.7 KB | berdir |
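
The RFC 6749 section 2.3.1 rule quoted above, as an added example that is not part of the original issue or the module's code: a token endpoint that accepts client credentials from HTTP Basic or the request body and treats an omitted `client_secret` as an empty string. The `CLIENTS` registry, the function names and the plain-dict `headers`/`form` arguments are assumptions made for illustration.

```python
import base64
import hmac
from urllib.parse import unquote_plus

# Constructed registry: client_id -> stored secret ("" = registered without one).
CLIENTS = {"public-app": "", "backend": "s3cr3t:with/colon"}


class ClientAuthError(Exception):
    """Malformed or ambiguous client authentication."""


def extract_credentials(headers, form):
    """Return (client_id, client_secret) per RFC 6749 section 2.3.1."""
    auth = headers.get("Authorization", "")
    if auth:
        if "client_secret" in form:
            # Section 2.3: at most one authentication method per request.
            raise ClientAuthError("credentials in both header and body")
        scheme, _, token = auth.partition(" ")
        if scheme.lower() != "basic":
            raise ClientAuthError("unsupported scheme")
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError as exc:
            raise ClientAuthError("bad Basic token") from exc
        client_id, sep, secret = decoded.partition(":")
        if not sep:
            raise ClientAuthError("missing ':' separator")
        # Both halves are form-urlencoded before being placed in the header.
        return unquote_plus(client_id), unquote_plus(secret)
    if "client_id" not in form:
        raise ClientAuthError("no client credentials")
    # An omitted client_secret is equivalent to an empty string.
    return form["client_id"], form.get("client_secret", "")


def authenticate(headers, form):
    """True only if the presented secret equals the stored one."""
    client_id, secret = extract_credentials(headers, form)
    stored = CLIENTS.get(client_id)
    if stored is None:
        return False
    # Constant-time comparison; an omitted secret only matches a stored "".
    return hmac.compare_digest(stored.encode(), secret.encode())
```

Omitting the secret authenticates only a client whose stored secret is empty; a client registered with a secret is still rejected when the parameter is left out.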
Comments
Comment #1
bojanz commented

Committed, thanks!