Friendly OAuth2 Server
Friendly oAuth2 server documentation
Authorization secret basic
General information about client authorization using the secret basic method
To authorize a client application with the secret basic method, add an Authorization header to the request. The header value is the token type Basic, followed by a space and the login and password joined by a colon and encoded in BASE64. Here the login is the client identifier (client_id) and the password is the client_secret value.

Example:

    client_id = id-wrAwqUxyaY3XQdtDPdr8pxkYGw8fz7JjMTKLWgcXZHNHXhW
    client_secret = hkL880RlLdnKLi90Tvz9zQW8uxDRSmLkXZueO4FE4ZGPc2Ovf8
    client_id:client_secret = id-wrAwqUxyaY3XQdtDPdr8pxkYGw8fz7JjMTKLWgcXZHNHXhW:hkL880RlLdnKLi90Tvz9zQW8uxDRSmLkXZueO4FE4ZGPc2Ovf8
    BASE64(client_id:client_secret) = aWQtd3JBd3FVeHlhWTNYUWR0RFBkcjhweGtZR3c4Zno3SmpNVEtMV2djWFpITkhYaFc6aGtMODgwUmxMZG5LTGk5MFR2ejl6UVc4dXhEUlNtTGtYWnVlTzRGRTRaR1BjMk92Zjg=

Final header:

    Authorization = Basic aWQtd3JBd3FVeHlhWTNYUWR0RFBkcjhweGtZR3c4Zno3SmpNVEtMV2djWFpITkhYaFc6aGtMODgwUmxMZG5LTGk5MFR2ejl6UVc4dXhEUlNtTGtYWnVlTzRGRTRaR1BjMk92Zjg=

Example request in cURL:
    curl --request POST \
      --url http://localhost:9000/oauth2/token \
      --header 'Authorization: Basic aWQtd0VremlKNmpXNmRKZzM2R1QyYTF3dzdDNEJwTGVYQ3JNUkxBVmdPeVFOZ1NLWlY6TjJmOVR2YWNSdUJzUkxRMm1TdzlIT1EyR29MQ0RJYURQc29YZlQweE51OGtjdUFaU08=' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data grant_type=client_credentials
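The header construction described above, together with a matching receiving-side check, as an added example (not code from Friendly OAuth2 Server). The function names and the registered-clients dictionary are assumptions made for the illustration; the credentials are the sample values from this page.

```python
import base64
import hmac

# Sample credentials copied from the documentation example on this page.
CLIENT_ID = "id-wrAwqUxyaY3XQdtDPdr8pxkYGw8fz7JjMTKLWgcXZHNHXhW"
CLIENT_SECRET = "hkL880RlLdnKLi90Tvz9zQW8uxDRSmLkXZueO4FE4ZGPc2Ovf8"


def build_basic_header(client_id: str, client_secret: str) -> str:
    """Client side: 'Basic ' + BASE64(client_id:client_secret)."""
    if ":" in client_id:
        # The receiver splits at the first colon, so a colon in the id is ambiguous.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value: str):
    """Receiving side: return (client_id, client_secret), or None if malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, bad padding and invalid UTF-8
        return None
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        return None
    return client_id, client_secret


def authenticate(header: str, registered: dict) -> bool:
    """Check a header against a hypothetical {client_id: client_secret} store."""
    parsed = parse_basic_header(header)
    expected = registered.get(parsed[0]) if parsed else None
    if expected is None:
        return False
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(parsed[1].encode(), expected.encode())


if __name__ == "__main__":
    header = build_basic_header(CLIENT_ID, CLIENT_SECRET)
    print(header)
    print(authenticate(header, {CLIENT_ID: CLIENT_SECRET}))
```

BASE64 is an encoding, not encryption: anyone who can read the header recovers the client_secret, so outside a local test setup the token endpoint should be reached over https.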
A practical example of client authorization using the secret basic method
0) Since this section only tests client authorization, in the admin panel set the OAuth2 mode to OAuth2 client credential flow and the client authorization value to Client secret basic.
1) For practice, create a test client.
2) Send a POST request to the address http://localhost:9000/oauth2/token
The response contains an access token.
prodmicroservice.com
2024