OAuth2 client_crendetials implementation doesn't follow the RFC

[aperinot-orange]

swagger-ui: master branch, commit aafca0f.

Oauth2's client_crendetials authentication mode is implemented as follows :

function clientCredentialsFlow(scopes, tokenUrl, OAuthSchemeKey) {
    var params = {
      'client_id': clientId,
      'client_secret': clientSecret,
      'scope': scopes.join(' '),
      'grant_type': 'client_credentials'
    }
    $.ajax(
    {
      url : tokenUrl,
      type: "POST",
      data: params,
      success:function(data, textStatus, jqXHR)
      {
        onOAuthComplete(data,OAuthSchemeKey);
      },
      error: function(jqXHR, textStatus, errorThrown)
      {
        onOAuthComplete("");
      }
    });

  }

By reading the corresponding paragraph in the RFC : https://tools.ietf.org/html/rfc6749#section-4.4.2

This is the kind of request that should be done :

POST /token HTTP/1.1
Host: server.example.com
Authorization: XXXXX
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

It is impossible for now to use the "client_crendetials" authentication mode from Oauth2 in swagger with this implementation.

Maybe is there any workaround ?

[webron]

This should be fixed.