Out of curiosity I would like to know why client_id and client_secret are required in 2-legged Authentication in OAuth 2.0?
I am using grant_type = password and sending username & password in the POST method, but in this case I am getting an error that Client credentials are not found in request body or header. When I pass client_id and client_secret I am able to get the access_token.
I am trying to understand why client_id and client_secret are required for 2-legged authentication. I think this is the best place I can get an answer to my confusion.
To be more specific, I have a mobile application which communicates with a server over a web service API, and we do not have any 3rd-party usage, and that is the reason we are using 2-legged authentication, but I am confused about the use of client_id and client_secret. Please excuse me if I am asking a stupid question, but for me it's a big confusion.