Able to generate Access token without client ID and secret using OAuth2 Password for Self-Hosted setup

Hi All,

When using to generate Access token using Oauth2 Resource owner password credentials flow, the endpoint does not allow us to generate the Access Token without passing Client ID and Client Secret in HTTP Basic authentication.

When we try the same using Self-Hosted, we are able to generate the Access Token.


Wanted to know why there is difference in behavior? Also observed that the token generated for Self-Hosted does not belong to any app, the value is null. Below response when we hit /token/info