CAS Oauth server using with postman with POST

Pablo Vidaurri

unread,

Sep 16, 2019, 9:52:40 AM9/16/19

to cas-...@apereo.org

I'm trying to request a token for grant type of client_credentials. If I put all my parameters as query parameters it get back a token:

https://www.mydomain.com/auth/oauth2.0/accessToken?grant_type=client_credentials&client_id=myClient&client_secret=mySecret

But the cas doc says not to pass in sensitive info (client, secret, refresh token) in GET method and to use POST instead. I have not been able to get post to work. I've tried using Basic Authorization using clientId:secret with body having grant_type=client_credentails but get back 400.

Any suggestions?

-psv

Pablo Vidaurri

unread,

Sep 16, 2019, 10:18:15 AM9/16/19

to CAS Community

I've found another posting that worked for me:

Example:

curl -X POST \

https://www.mydomain.com/auth/oauth2.0/accessToken \

-H 'authorization: Basic myEncodedCredentials' \

-H 'cache-control: no-cache' \

-H 'content-type: application/x-www-form-urlencoded' \

-d 'grant_type=client_credentials&client_id=myClientId'

Andy Ng

unread,

Sep 23, 2019, 12:57:47 AM9/23/19

to CAS Community

Hi Pablo,

Althoguh you current solution works, since you are using Postman, an easier option would be just use the body tag, like so:

The above would work.

Cheers!

- Andy

Reply all

Reply to author

Forward