Resource owner password credentials flow fails
Summary
When trying to request a token in exchange for the resource owner credentials (username and password) unexpected error occurs. This behavior is present with self-hosted Gitlab version 13.9.3-ce.0. Tested with previous version, 13.8.4-ce.0, and flow works fine.
Steps to reproduce
- Install Gitlab 13.9.3-ce.0 using docker image
- Configure and verify email for root user (TFA is turned off)
- Request a token using curl
echo 'grant_type=password&username=<your_username>&password=<your_password>' > auth.txt
curl --data "@auth.txt" --user client_id:client_secret --request POST "https://gitlab.example.com/oauth/token"
What is the current bug behavior?
Token request returns with an error:
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}
What is the expected correct behavior?
Receive the access token back in the response. Expected behavior is describe here: https://docs.gitlab.com/ee/api/oauth2.html#resource-owner-password-credentials-flow
Relevant logs and/or screenshots
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}