February 2012
Beginner to intermediate
78 pages
2h 13m
English
This flow is reliant upon the client being able to properly
authenticate with the authorization server and the client’s authentication
credentials remaining confidential. In order to authenticate, the client
can pass the client_id and client_secret to the authorization server as
POST parameters in the access token
request or can use a HTTP Basic Authentication header. The authorization server
can also authenticate the client using other mechanisms, such as a
public/private key pair, SSL/TLS client authentication, and the
like.