I gave the clientId and clientSecret but the request doesn't include Authorization header with Basic string #581

Closed
rakesh-sharma opened this issue Jul 26, 2018 · 1 comment

Comments

rakesh-sharma commented Jul 26, 2018

I am using NbOAuth2AuthStrategy like below

    name: 'password',
    clientId: 'xxxx',
    clientSecret: 'xxxx',
    baseEndpoint: 'https://www.xxx.com/',
    token: {
        grantType: NbOAuth2GrantType.PASSWORD,
        class: NbAuthOAuth2Token,
        endpoint: 'oauth/token'
    }

It should ideally send the Authorization header with the Basic string generated using clientId and clientSecret, but it's not sending it. Is there any way I can send this header?

Also, the payload has a parameter with the name 'email'. Instead of that, can I name it 'username'?

@alain-charles
Contributor

You are right, it is a TODO in the NbOAuth2AuthStrategy.

According to https://tools.ietf.org/html/rfc6749#section-2.3 :

  • Clients in possession of a client password MAY use the HTTP Basic authentication scheme (...)
  • Alternatively, the authorization server MAY support including the
    client credentials in the request-body using the following
    parameters: client_id (...) and client_secret (...)

As a contributor to this strategy, I'll propose a PR that writes for the moment the first point, i.e. the basic authentication scheme.

@nnixaa what do you think?

Alain
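
Added example, not part of the thread and not Nebular's code: a sketch of the two client-authentication options from RFC 6749 section 2.3.1 applied to a password-grant token request, using the `username` parameter name from section 4.3.2. The function names and sample credentials are constructed for illustration, and Base64 is hand-rolled only so the block has no runtime dependencies.

```typescript
// Added example; names and sample values are constructed, not Nebular code.
interface TokenRequest {
  headers: Record<string, string>;
  body: string;
}

const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Base64 for ASCII-only input; formEncode() output is always ASCII.
function base64Ascii(s: string): string {
  let out = '';
  for (let i = 0; i < s.length; i += 3) {
    const b1 = i + 1 < s.length ? s.charCodeAt(i + 1) : 0;
    const b2 = i + 2 < s.length ? s.charCodeAt(i + 2) : 0;
    const n = (s.charCodeAt(i) << 16) | (b1 << 8) | b2;
    out += B64.charAt((n >> 18) & 63) + B64.charAt((n >> 12) & 63);
    out += i + 1 < s.length ? B64.charAt((n >> 6) & 63) : '=';
    out += i + 2 < s.length ? B64.charAt(n & 63) : '=';
  }
  return out;
}

// application/x-www-form-urlencoded (RFC 6749 Appendix B): space becomes '+',
// and the characters encodeURIComponent leaves alone (!'()~) are escaped too.
function formEncode(value: string): string {
  return encodeURIComponent(value)
    .replace(/[!'()~]/g, (ch) => '%' + ch.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, '+');
}

// Password-grant token request with client credentials sent one way only:
// in the Basic header (useBasic) or in the request body, never both.
function passwordGrantRequest(
  clientId: string, clientSecret: string,
  username: string, password: string, useBasic = true,
): TokenRequest {
  const fields: Array<[string, string]> = [
    ['grant_type', 'password'], ['username', username], ['password', password],
  ];
  const headers: Record<string, string> = {
    'Content-Type': 'application/x-www-form-urlencoded',
  };
  if (useBasic) {
    // Encoding each part first keeps a ':' in the client id from shifting the split.
    headers['Authorization'] =
      'Basic ' + base64Ascii(formEncode(clientId) + ':' + formEncode(clientSecret));
  } else {
    fields.push(['client_id', clientId], ['client_secret', clientSecret]);
  }
  const body = fields.map(([k, v]) => formEncode(k) + '=' + formEncode(v)).join('&');
  return { headers, body };
}
```

With the Basic option the secret stays out of the request body, which matters wherever bodies are logged or echoed in error reports.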
