Is basic authentication really needed when exchanging auth token for access token?

You can use basic authentication: setting the client_id and client_secret
as the username and password when requesting a token, or you can pass the
client_id and client_secret as POST parameters when making the request.
Passing them as POST params is what the Google OAuth Sandbox does.

Kind regards,

GraemeOn 2 October 2012 15:59, chrisb brain2006@gmail.com wrote:

The docs suggest you need to use basic authentication when exchanging the
authorization token for an access token.

The Access Token Request

The App must exchange the Authorisation Token for an Access Token and a
Refresh Token. To do this, the app makes an HTTP Basic Auth POST to the
FreeAgent Token Endpoint https://api.freeagent.com/v2/token_endpoint using
the Client ID as the username and Client Secret as the password and
including the following in the POST body:

However, this seems to work fine for me if I make the POST without setting
basic auth details.


You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To view this discussion on the web visit
https://groups.google.com/d/msg/freeagent_api/-/eiPAP-TZGTAJ.
To post to this group, send email to freeagent_api@googlegroups.com.
To unsubscribe from this group, send email to
freeagent_api+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/freeagent_api?hl=en.

Graeme Boyd
Senior Software Engineer

Web. freeagent.com http://www.freeagent.com/ Blog. freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774