Imported Google Group message.
Date:Saturday, 13 June 2015 12:17:11 UTC+1.
The test does the following:
It sets these request parameters:
It then also sets the Authorization header. This test passes, so it works with our Oath implementation.
There's a great guide here that explains things better (https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#web-server-apps), this guide was used to set up the original tests, so it's a good place to start, a token request looks like this:
Now this isn't setting the auth header, so it may not be required, but even if it isn't, it is optional since our test passes
I haven’t got a sample auth request to hand I'm afraid, I've gone through some of my old test requests and found one I was using, here it is:
The Auth header will be needed because it will be checked by Tyke to grab the client so it cn verify the secret. Here it is including the client_secret in the params, which is odd, it may or may not be needed :-/ (long time since I've worked on this, so forgive me if my Oath knowledge is rusty).
I think the Basic header is correct, you will need to base64 encode it though.
The client secret looks like it base64 encoded too. As is the code. You may need to make sure that all the params are encoded correctly.
I hope that helps.