Which version of Duende.AccessTokenManagement are you using?
Duende.AccessTokenManagement 3.0.0
Which version of .NET are you using?
net8.0
The ClientCredentialsTokenHandler from Duende.AccessTokenManagement doesn't work with Apigee's OAuth 2.0 bearer token implementation due to the token_type being returned being "BearerToken" instead of "Bearer". "BearerToken" is invalid for use as an auth header scheme, therefore all API requests fail with 401. It's clear that Apigee is non-compliant (https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#non-rfc-compliant-behavior), however as we are consuming someone else's API, we don't control this.
This is similar to the closed issue reported in DuendeSoftware/Duende.AccessTokenManagement#38, however that is purely related to case sensitivity of token_type rather than an entirely different token_type being returned from the token API.
It would be useful to be able to override the scheme in the ClientCredentialsClient config and use that instead of the value returned as the token_type.
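The failure described in this issue and one client-side mitigation, as an added example that is not part of the original issue or of Duende.AccessTokenManagement: an inner `DelegatingHandler` rewrites only the exact scheme `BearerToken` to `Bearer`, so other schemes are never altered. `SchemeNormalizingHandler`, `FakeTokenHandler`, `FakeApi`, the token value and the URL are hypothetical names constructed for the demonstration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Constructed pipeline (outermost first): token handler stand-in -> normalizer -> fake API.
var pipeline = new FakeTokenHandler("BearerToken")
    { InnerHandler = new SchemeNormalizingHandler { InnerHandler = new FakeApi() } };
using var client = new HttpClient(pipeline);
var response = await client.GetAsync("https://api.example.test/orders");
Console.WriteLine($"Status: {(int)response.StatusCode}");

// Allow-list rewrite: only the one known non-compliant scheme is changed; anything else passes through.
sealed class SchemeNormalizingHandler : DelegatingHandler
{
    private const string NonCompliantScheme = "BearerToken";
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var auth = request.Headers.Authorization;
        if (auth is not null && string.Equals(auth.Scheme, NonCompliantScheme, StringComparison.OrdinalIgnoreCase))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", auth.Parameter);
        }
        return base.SendAsync(request, ct);
    }
}

// Hypothetical stand-in for a token handler that uses the returned token_type as the header scheme.
sealed class FakeTokenHandler(string tokenType) : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        request.Headers.Authorization = new AuthenticationHeaderValue(tokenType, "constructed-token");
        return base.SendAsync(request, ct);
    }
}

// Hypothetical API that accepts only the "Bearer" scheme and answers 401 otherwise.
sealed class FakeApi : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct) =>
        Task.FromResult(new HttpResponseMessage(request.Headers.Authorization?.Scheme == "Bearer"
            ? HttpStatusCode.OK : HttpStatusCode.Unauthorized));
}
```

In a real `IHttpClientFactory` pipeline the normalizer has to be registered after the token handler so that it runs closer to the network and sees the header the token handler has already set.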