OAuth Verification

Discussion in '[bd] API' started by Stilldabomb, Dec 16, 2014.

  1. Stilldabomb

    Stilldabomb New Member

    #1 , Dec 16, 2014
    Last edited: Dec 16, 2014
    Hello, XFRocks, I am currently trying to set up the API to verify users using OAuth (using user credentials), but I don't quite know how to go about it.

    Any help would be greatly appreciated :)

    Edit: I was also trying to do this without creating a client_id/client_secret, as I wanted it to be able to be used on multiple instances without having to create a client. I don't think that part is possible?
     
  2. xfrocks

    xfrocks XenForo rocks!
    Staff Member

    You can do a POST to http://domain.com/api/oauth/token like this (curl example):

    Code:
    curl -XPOST 'http://domain.com/api/oauth/token' -d 'grant_type=password&username=abc&password=123&client_id=xxx&client_secret=yyy'
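
An added example, not part of xfrocks's post or the [bd] API code base: the same password-grant request built in Python with form-encoding, so a password containing `&` or `=` reaches the server intact instead of splitting the body. The HTTPS-only check, the JSON response fields (`access_token`, `error`) and the names `build_token_request`, `parse_token_response` and `request_token` are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth/token"  # endpoint path quoted in the post above


def build_token_request(base_url, username, password, client_id, client_secret):
    """Build the password-grant POST without sending it."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        # Assumption of this example: the body carries the user's password and
        # the client_secret, so cleartext HTTP is refused.
        raise ValueError("token endpoint must be reached over https")
    fields = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    # urlencode() escapes '&', '=', '+' and spaces inside each value.
    body = urllib.parse.urlencode(fields).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(raw):
    """Return the token document; assumed to be a JSON object with access_token."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    if not doc.get("access_token"):
        # Report only the error code, never echo the submitted credentials.
        raise ValueError("token request failed: %s" % doc.get("error", "unknown"))
    return doc


def request_token(base_url, username, password, client_id, client_secret):
    """Send the request and return the parsed token document."""
    req = build_token_request(base_url, username, password, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode("utf-8"))
```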
     
    1. Stilldabomb

      Stilldabomb New Member

      Stilldabomb @xfrocks Would there be any way to remove the client_id and client_secret while still keeping the username and password authentication? I'm like 98% sure this isn't how OAuth works, but I'm trying to get something simple that allows people to sign in via their username and password without having to get an actual token to insert into the application.
       
    2. xfrocks

      xfrocks XenForo rocks!
      Staff Member

      xfrocks @Stilldabomb No, the client_id and secret are required as per the OAuth2 draft 10 spec (which is a bit different from RFC 6749).
       
    3. Stilldabomb

      Stilldabomb New Member

      Stilldabomb @xfrocks What is the use in the refresh_token?
       
    4. xfrocks

      xfrocks XenForo rocks!
      Staff Member
