Authorization Header not found in OAuth2 getOAuthAccessToken #175

twhtanghk opened this Issue · 3 comments



I ran into a problem connecting passport-oauth2 to django-oauth-toolkit. When authorization is granted, getOAuthAccessToken prepares the request without an Authorization header including clientId and clientSecret as defined in section 4.1.3 of RFC 6749. The value of the Authorization header is "unicode: Bearer undefined" instead. Any hints or suggestions? Thanks.


It is suggested to revise oauth2.js lines 155-159 as follows:

  var post_data= querystring.stringify( params );
  // Authenticate the client with HTTP Basic instead of relying on the request body
  var post_headers= {
       'Content-Type': 'application/x-www-form-urlencoded',
       'Authorization': 'Basic ' + Buffer.from(this._clientId + ':' + this._clientSecret).toString('base64')
   };

Any other suggestions? Thanks.


I'm running into the same issue. The request body contains the id/secret, when some services require it to be in the Authorization header as a Basic auth request. I'm not familiar with the services purportedly tested with this library, but I'm guessing they accept the authorization in the body rather than the header.


For your information, the following is mentioned in section 2.3.1 of RFC 6749.

   Including the client credentials in the request-body using the two
   parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
   to directly utilize the HTTP Basic authentication scheme (or other
   password-based HTTP authentication schemes).  The parameters can only
   be transmitted in the request-body and MUST NOT be included in the
   request URI.
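
The two client authentication styles discussed in this thread, side by side, as an added example that is not node-oauth or passport-oauth2 code. It assumes an authorization-code token request, uses constructed sample credentials, and borrows the method names `client_secret_basic` and `client_secret_post` from RFC 7591; per RFC 6749 section 2.3.1 the id and secret are form-urlencoded before the Basic encoding, so a `:` inside the secret survives.

```javascript
// Added example (hypothetical helper names); runs on Node.js with no imports.

// application/x-www-form-urlencoded encoding of one value (RFC 6749 Appendix B).
function formEncode(value) {
  return encodeURIComponent(value)
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, '+');
}

function formDecode(value) {
  return decodeURIComponent(value.replace(/\+/g, '%20'));
}

// Build headers and body for the token request of RFC 6749 section 4.1.3.
function buildTokenRequest(client, code, redirectUri, authMethod = 'client_secret_basic') {
  const params = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };

  if (authMethod === 'client_secret_basic') {
    // Credentials go in the header only; the body carries no secret.
    const userpass = formEncode(client.id) + ':' + formEncode(client.secret);
    headers['Authorization'] = 'Basic ' + Buffer.from(userpass, 'utf8').toString('base64');
  } else if (authMethod === 'client_secret_post') {
    // The body form that section 2.3.1 marks NOT RECOMMENDED.
    params.set('client_id', client.id);
    params.set('client_secret', client.secret);
  } else {
    throw new Error('unsupported client authentication method: ' + authMethod);
  }
  return { headers, body: params.toString() };
}

// What a token endpoint recovers from the header; null if it is not Basic.
function parseBasicClientAuth(headerValue) {
  const match = /^Basic ([A-Za-z0-9+\/]+=*)$/i.exec(headerValue || '');
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { id: formDecode(decoded.slice(0, sep)), secret: formDecode(decoded.slice(sep + 1)) };
}
```

A header value such as "Bearer undefined" makes `parseBasicClientAuth` return `null`, which is the case a server that only accepts Basic client authentication would reject.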