Open Closed

Token Generation: Moving the user details to Authorization #7072


User avatar
0
Karthigeyan created

Hi Team,

Currently for the Token generation (IdentityServer), we are passing the information like "client_id, client_secrets, username, password" via body of "urlencoded" format (as per the ABP framework). May I know, is there any way we can pass these details via "Authorization" and also would like to know can we achieve the same by only passing the "Username" and "Password" via "Authorization" instead of sending client_id and cilent_secret

Thanks, Karthigeyan R


1 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is designed by OAuth2, You can't do that.

    See https://datatracker.ietf.org/doc/html/rfc6749#section-4.3.2 https://www.oauth.com/oauth2-servers/access-tokens/password-grant/

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09