It seems I am missing something very basic here.
I made a REST API that takes POST requests for generating tokens using the Apache Oltu OAuth2 service. It looks something like this:

    @POST
    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/json")
    public Response authorize(@Context HttpServletRequest request) throws OAuthSystemException, IOException {
        try {
            OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
            OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());

When I use HttpRequester or Postman to test the service, it works perfectly fine on the condition that I input all authentication and OAuth2 parameters as input parameters, for example:

    https://localhost:8443/rest/OAuthService/token?grant_type=password&username=userfortest&password=Johhny1é&client_id=1234

However, I read that for any POST request, all parameters should be in the body of the HTTP request and never sent through with the URL as a simple parameter. When I try to pass them in the body of the HTTP request, so as to make the request secure (so the URL is the same without parameters and all params are specified in the body), it seems like it doesn't receive anything from the body, as it throws an exception after

    OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);

with the following message:

    {"error_description":"Missing grant_type parameter value","error":"invalid_request"}

Is it the intended behaviour of Oltu/OAuth2 for the parameters to be passed through with the URL? Or what am I doing wrong?
Thanks in advance.
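
Added example (not part of the original post, and not Oltu's own code): a Python sketch of the token request with its parameters form-encoded in the body, as RFC 6749 section 4.3.2 describes, next to the URL variant from the post. The function names are assumptions, and `server_side_params` is a simplified, hypothetical model of a server that reads body parameters only when the Content-Type is `application/x-www-form-urlencoded`.

```python
from urllib.parse import urlencode, parse_qs, urlsplit
from urllib.request import Request

TOKEN_URL = "https://localhost:8443/rest/OAuthService/token"  # endpoint from the post
FORM = "application/x-www-form-urlencoded"
# Test values taken from the URL in the post.
SAMPLE = {"grant_type": "password", "username": "userfortest",
          "password": "Johhny1é", "client_id": "1234"}

def body_request(params, content_type=FORM):
    """Token request with the parameters UTF-8 form-encoded in the entity body."""
    body = urlencode(params, encoding="utf-8").encode("ascii")
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": content_type})

def url_request(params):
    """The variant from the post: same POST, parameters in the query string."""
    return Request(TOKEN_URL + "?" + urlencode(params, encoding="utf-8"),
                   data=b"", method="POST")

def request_target(req):
    """What ends up in the request line, and so in access logs and proxies."""
    parts = urlsplit(req.full_url)
    return parts.path + ("?" + parts.query if parts.query else "")

def server_side_params(req):
    """Hypothetical model of a form-aware server: query parameters are always
    visible, body parameters only when the Content-Type is form-urlencoded."""
    found = {k: v[0] for k, v in parse_qs(urlsplit(req.full_url).query).items()}
    ctype = req.get_header("Content-type", "").split(";")[0].strip().lower()
    if ctype == FORM:
        body = (req.data or b"").decode("ascii")
        found.update({k: v[0] for k, v in parse_qs(body, encoding="utf-8").items()})
    return found

if __name__ == "__main__":
    good = body_request(SAMPLE)
    print(request_target(good), good.data)        # no credentials in the URL
    print(request_target(url_request(SAMPLE)))    # password visible in the URL
    print(server_side_params(body_request(SAMPLE, "text/plain")))  # {} : body ignored
```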