client_id required. Why? #49
Description
I am trying to obtain an access token according to Section 4.3.2 of the OAuth 2.0 RFC.
When I send client_id and client_secret together with username and password, everything works fine. But I need to obtain the access token without sending client_id and client_secret, as my client is not confidential, say. Here is the HTTP flow between the client and the authorization server.

POST http://localhost:3000/oauth2/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

grant_type=password&username=[email protected]&password=test

The server responds with 400 Bad Request:

HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 71
X-Ua-Compatible: IE=Edge
X-Runtime: 0.009000
Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)
Date: Thu, 04 Apr 2013 11:56:27 GMT
Connection: Keep-Alive

{"error":"invalid_request","error_description":"'client_id' required."}

How can I force the server not to bother about the client's credentials?
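
An added example, not part of the original post and not this library's code: a Ruby sketch of the client-related checks a token endpoint can apply to a password-grant body under RFC 6749 Sections 3.2.1 and 4.3.2, with the strict `client_id` policy from the response above beside the permissive one. The client registry, the secret, the function names and the `require_client_id` option are assumptions made for illustration; credentials sent via HTTP Basic are not handled.

```ruby
require 'uri'
require 'openssl'

# Constructed client registry (hypothetical names and secret).
CLIENTS = {
  'mobile-app' => { type: :public },
  'backend'    => { type: :confidential, secret: 'constructed-secret' }
}.freeze

def oauth_error(status, code, description)
  { status: status, error: code, error_description: description }
end

# Client-related checks for a password-grant body (RFC 6749, 3.2.1 and 4.3.2).
# Returns nil when the request may go on to resource-owner credential
# verification (not shown), otherwise the error to send back.
# require_client_id: true mirrors the stricter server behaviour in the post.
def password_grant_client_error(form_body, require_client_id: true)
  params = URI.decode_www_form(form_body).to_h
  unless params['grant_type'] == 'password'
    return oauth_error(400, 'unsupported_grant_type', 'only password is handled here')
  end
  %w[username password].each do |name|
    return oauth_error(400, 'invalid_request', "'#{name}' required.") if params[name].to_s.empty?
  end

  client_id = params['client_id']
  if client_id.nil?
    # The RFC lets an unauthenticated public client omit client_id for this
    # grant; requiring it keeps per-client throttling and revocation possible.
    return require_client_id ? oauth_error(400, 'invalid_request', "'client_id' required.") : nil
  end

  client = CLIENTS[client_id]
  return oauth_error(401, 'invalid_client', 'unknown client') if client.nil?
  return nil if client[:type] == :public # identified, nothing to authenticate

  # Confidential clients must always authenticate; compare in constant time.
  supplied = params['client_secret'].to_s
  return nil if OpenSSL.secure_compare(supplied, client[:secret])
  oauth_error(401, 'invalid_client', 'client authentication failed')
end
```
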