client_secret not set for Password Grant #74
Description
There is an introductory note that reads:
Please note that this extension retrieves the Client ID and Client Secrets for your Applications using the Management API. This information is subsequently used to call Authentication API endpoints where applicable.
However, it isn't the case with Password Grant. Requests to /oauth/token are missing the client_secret parameter as can be seen below:
{
"client_id": "9tlGxco4m755WQNJDREhX660qTsHojfz",
"connection": "Username-Password-Authentication",
"grant_type": "password",
"password": "*****************",
"scope": "openid",
"username": "[email protected]"
}