Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse OAuth Authorization header when request omits client secret #21351

Merged
merged 3 commits into from
Oct 7, 2022
Merged

Parse OAuth Authorization header when request omits client secret #21351

merged 3 commits into from
Oct 7, 2022

Commits on Oct 6, 2022

  1. This fixes error "unauthorized_client: invalid client secret" when cl… 

    …ient includes secret in Authorization header rather than request body. OAuth spec permits both: https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1

> Clients in possession of a client password MAY use the HTTP Basic authentication scheme ... Alternatively, the authorization server MAY support including the   client credentials in the request-body

Sanity validation that client id and client secret in request are consistent with Authorization header.

Improve error descriptions. Error codes remain the same.
    @hickford
    hickford committed Oct 6, 2022
    Configuration menu
    Copy the full SHA
    3ae8528 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into oauth-ease

    @wxiaoguang
    wxiaoguang committed Oct 6, 2022
    Configuration menu
    Copy the full SHA
    4c8002d View commit details
    Browse the repository at this point in the history

  3. Merge branch 'main' into oauth-ease

    @zeripath
    zeripath committed Oct 6, 2022
    Configuration menu
    Copy the full SHA
    b6690bc View commit details
    Browse the repository at this point in the history