Mattermost Peer-to-Peer Forum

OAuth client_credentials

#1

Mattermost allow client_credentials OAuth2 flow? (https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/)

When I try to do:

curl -i -H 'Content-Type: application/x-www-form-urlencoded' -X POST 'http://localhost:8065/oauth/access_token' -d 'grant_type=client_credentials&client_id=yck8zdobibdrdg63hha9mnkh6w&client_secret=i3udgcyc638ji8gg8jmtips1fr' HTTP/1.1 400 Bad Request Content-Type: text/html X-Request-Id: 8so69qjpijfudeudrkhnxe6mee X-Version-Id: 5.10.0.5.10.0-rc5.1d238412e7aa1c87115d25bf580d16e9.false Date: Mon, 15 Apr 2019 18:53:13 GMT Content-Length: 650

I get:

HTTP/1.1 400 Bad Request
Content-Type: text/html
X-Request-Id: cmo3qsqbx3yzbc57379fdbkwqr
X-Version-Id: 5.10.0.5.10.0-rc5.1d238412e7aa1c87115d25bf580d16e9.false
Date: Mon, 15 Apr 2019 21:39:46 GMT
Content-Length: 650

    <!DOCTYPE html><html><head></head>
    <body onload="window.location = '/error?message=invalid_request%3A+Bad+grant_type&amp;s=MEUCIFTaTapz983dRVjtXf-3MeS5mL7hUXhw68_3fWSTdXsLAiEAry-wDITMXwgWo6FezsvHU4LJq1I-uhnY_GCsd74iPGQ='">
    <noscript><meta http-equiv="refresh" content="0; url=/error?message=invalid_request%3A+Bad+grant_type&amp;s=MEUCIFTaTapz983dRVjtXf-3MeS5mL7hUXhw68_3fWSTdXsLAiEAry-wDITMXwgWo6FezsvHU4LJq1I-uhnY_GCsd74iPGQ="></noscript>
    <a href="/error?message=invalid_request%3A+Bad+grant_type&amp;s=MEUCIFTaTapz983dRVjtXf-3MeS5mL7hUXhw68_3fWSTdXsLAiEAry-wDITMXwgWo6FezsvHU4LJq1I-uhnY_GCsd74iPGQ=" style="color: #c0c0c0;">...</a>
    </body></html>

Pretty sure I am doing something wrong, just don’t know what

Trying to create an Authorization Bearer Token that is not bound to an user but an app to access the api, is this possible, I don’t want to use the admin credentials to do API calls like create user or add user to a team

#2

Hi @kuryaki,

Here’s our official OAuth documentation: https://docs.mattermost.com/developer/oauth-2-0-applications.html.

Here’s our documentation on access tokens: https://docs.mattermost.com/developer/personal-access-tokens.html.

Our API documentation is here: https://api.mattermost.com/#tag/drivers.

Let us know if any of these docs help clarify what you’re looking for.