Uploaded image for project: 'PUBLIC - Liferay Documentation'
  1. PUBLIC - Liferay Documentation
  2. LRDOCS-6520

Incorrect URLs for OAuth2 client credentials & resource owner password grants

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Fix Version/s: 7.1.x
    • Component/s: Application Security
    • Labels:
      None
    • Type of Documentation:
      Deployment

      Description

      The "CLIENT CREDENTIALS AND RESOURCE OWNER FLOWS" section states that URLs to the /o/oauth2/authorize endpoint should be used. These are only used when the end-user needs to provide consent.

      Incorrect URLs from docs:

      1. https://[hostname]/o/oauth2/authorize?response_type=code&grant_type=client_credentials&client_id=[client ID]&client_secret=[client secret]
      2. https://[hostname]/o/oauth2/authorize?response_type=code&grant_type=password&client_id=[client ID]&client_secret=[client secret]&username=[user@emailaddress.com]&password=

      Correct URLs:

      1. https://[hostname]/o/oauth2/token?grant_type=client_credentials&client_id=[client ID]&client_secret=[client secret]
      2. https://[hostname]/o/oauth2/token?grant_type=password&client_id=[client ID]&client_secret=[client secret]&username=[user@emailaddress.com]&password=

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                7.1.x