andresmijares25 - 4 months ago
PHP Question

oauth2 DELETE request, forbidden

I'm sending a DELETE server method to an API protected by OAuth2; however, I get the following message.

"error_description": "When putting the token in the body, the method must be POST or PUT"


I've been looking for documentation regarding this issue, and I cannot find a way to send methods other than POST and PUT when including the access token to validate the permissions.

Any ideas?

Answer

The entire security of OAuth2 is based on SSL/TLS. Access Tokens are usually passed to the server in the header like this:

Authorization: Bearer ee000c4eb0610ed1ed3115571133fcead52b2233

In requests like GET and DELETE the access token must be passed in the header. For POST and PUT requests it is okay to send it in the body, but sending it in the header is recommended.
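
The rule described in the answer above, sketched as a server-side check. This is an added example, not part of the original answer and not the API's own code. The function name `extractBearerToken`, the request shape, and the two error messages marked as constructed are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decides where a bearer token may be read from.
function extractBearerToken(string $method, array $headers, array $body): string
{
    // Header names are case-insensitive, so normalise before lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);
    $fromHeader = null;
    if (isset($headers['authorization'])
        && preg_match('/^Bearer\s+(\S+)$/i', trim($headers['authorization']), $m)) {
        $fromHeader = $m[1];
    }
    $fromBody = $body['access_token'] ?? null;

    if ($fromHeader !== null && $fromBody !== null) {
        // Constructed message: a token sent twice is ambiguous, so reject it.
        throw new InvalidArgumentException('Only one method may be used to send the token');
    }
    if ($fromHeader !== null) {
        return $fromHeader; // the header is accepted for every HTTP method
    }
    if ($fromBody !== null) {
        if (!in_array(strtoupper($method), ['POST', 'PUT'], true)) {
            // Same wording as the error quoted in the question.
            throw new InvalidArgumentException(
                'When putting the token in the body, the method must be POST or PUT'
            );
        }
        return $fromBody;
    }
    throw new InvalidArgumentException('No access token was sent'); // constructed message
}

// Constructed sample requests; the token is the example value from the answer.
$token = 'ee000c4eb0610ed1ed3115571133fcead52b2233';
$requests = [
    ['DELETE', [], ['access_token' => $token]],           // rejected: token in body
    ['DELETE', ['Authorization' => "Bearer $token"], []], // accepted: token in header
    ['POST', [], ['access_token' => $token]],             // accepted: body allowed for POST
];
foreach ($requests as [$method, $headers, $body]) {
    try {
        extractBearerToken($method, $headers, $body);
        echo "$method: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$method: rejected ({$e->getMessage()})\n";
    }
}
```

On the client side with PHP's cURL extension, the DELETE method is set with `CURLOPT_CUSTOMREQUEST` and the `Authorization: Bearer ...` header with `CURLOPT_HTTPHEADER`.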