Support HTTP Basic authentication for Clients
jbasney opened this issue · comments
https://tools.ietf.org/html/rfc6749#section-2.3.1
The authorization server MUST support the HTTP Basic
authentication scheme for authenticating clients that were issued a
client password.
http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
This section defines a set of Client Authentication methods that are used by Clients to authenticate to the Authorization Server when using the Token Endpoint. During Client Registration, the RP (Client) MAY register a Client Authentication method. If no method is registered, the default method is client_secret_basic.
client_secret_basic
Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server in accordance with Section 2.3.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme.