Appauth-android: How do we set the client secret in the AuthorizationRequest ?

Created on 31 Oct 2016  路  3Comments  路  Source: openid/AppAuth-Android

In my android app, I am trying to do plain old OAuth2 against my server which requires client secret on it's authorization call (even for pkce).
I have the clientId & clientSecret that I got from server out of band. I have *not performed dynamic client registration.

How do I set the clientSecret on authorization request so I can do oauth authorization code grant ?
Server can support it either on http basic auth header or in request body.

Tried a few things that did not work -

  • setting Basic auth (with clientId:secret) and passing it in additional parameters
  • creating a pseudo registration request/response to update AuthState

Any help is appreciated.

Thanks

Most helpful comment

I'm a little confused because normally a client_secret is not sent as part of the authorization endpoint request, but as part of a token endpoint request. If it's the token request part you're talking about, you can pass a ClientSecretBasic or ClientSecretPost instance to performTokenRequest. This will attach your client secret as an Authorization header or form body parameter, respectively.

Let me know if this solves your problem.

All 3 comments

I'm a little confused because normally a client_secret is not sent as part of the authorization endpoint request, but as part of a token endpoint request. If it's the token request part you're talking about, you can pass a ClientSecretBasic or ClientSecretPost instance to performTokenRequest. This will attach your client secret as an Authorization header or form body parameter, respectively.

Let me know if this solves your problem.

I am able to get it to work. Thanks

I麓m having same trouble perform client authentication in token activity, do you have any example of this. i allways get noclientauthentication

Was this page helpful?
0 / 5 - 0 ratings