Mattermost allow client_credentials OAuth2 flow? (Client Credentials - OAuth 2.0 Simplified)
When I try to do:
curl -i -H 'Content-Type: application/x-www-form-urlencoded' -X POST 'http://localhost:8065/oauth/access_token' -d 'grant_type=client_credentials&client_id=yck8zdobibdrdg63hha9mnkh6w&client_secret=i3udgcyc638ji8gg8jmtips1fr' HTTP/1.1 400 Bad Request Content-Type: text/html X-Request-Id: 8so69qjpijfudeudrkhnxe6mee X-Version-Id: 5.10.0.5.10.0-rc5.1d238412e7aa1c87115d25bf580d16e9.false Date: Mon, 15 Apr 2019 18:53:13 GMT Content-Length: 650
I get:
HTTP/1.1 400 Bad Request
Content-Type: text/html
X-Request-Id: cmo3qsqbx3yzbc57379fdbkwqr
X-Version-Id: 5.10.0.5.10.0-rc5.1d238412e7aa1c87115d25bf580d16e9.false
Date: Mon, 15 Apr 2019 21:39:46 GMT
Content-Length: 650
<!DOCTYPE html><html><head></head>
<body onload="window.location = '/error?message=invalid_request%3A+Bad+grant_type&s=MEUCIFTaTapz983dRVjtXf-3MeS5mL7hUXhw68_3fWSTdXsLAiEAry-wDITMXwgWo6FezsvHU4LJq1I-uhnY_GCsd74iPGQ='">
<noscript><meta http-equiv="refresh" content="0; url=/error?message=invalid_request%3A+Bad+grant_type&s=MEUCIFTaTapz983dRVjtXf-3MeS5mL7hUXhw68_3fWSTdXsLAiEAry-wDITMXwgWo6FezsvHU4LJq1I-uhnY_GCsd74iPGQ="></noscript>
<a href="/error?message=invalid_request%3A+Bad+grant_type&s=MEUCIFTaTapz983dRVjtXf-3MeS5mL7hUXhw68_3fWSTdXsLAiEAry-wDITMXwgWo6FezsvHU4LJq1I-uhnY_GCsd74iPGQ=" style="color: #c0c0c0;">...</a>
</body></html>
Pretty sure I am doing something wrong, just don’t know what
Trying to create an Authorization Bearer Token that is not bound to an user but an app to access the api, is this possible, I don’t want to use the admin credentials to do API calls like create user or add user to a team