Authorization Header not found in OAuth2 getOAuthAccessToken #175

Open
twhtanghk opened this Issue · 3 comments

@twhtanghk

I run into a problem connecting passport-oauth2 to django-oauth-toolkit. When authorization is granted, getOAuthAccessToken prepares the request without an Authorization header including clientId and clientSecret as defined in section 4.1.3 of RFC 6749. The value of the Authorization header is "unicode: Bearer undefined" instead. Any hints or suggestions? Thanks.

@twhtanghk

It is suggested to revise oauth2.js lines 155-159 as follows:

```js
  var post_data= querystring.stringify( params );
  var post_headers= {
       'Content-Type': 'application/x-www-form-urlencoded',
       // HTTP Basic client authentication: base64("clientId:clientSecret").
       // Buffer.from replaces the deprecated new Buffer() constructor.
       'Authorization': 'Basic ' + Buffer.from(this._clientId + ':' + this._clientSecret).toString('base64')
   };
```

Any other suggestions? Thanks.

@skeggse

I'm running into the same issue. The request body contains the id/secret, when some services require it to be in the Authorization header as a Basic auth request. I'm not familiar with the services purportedly tested with this library, but I'm guessing they accept the authorization in the body rather than the header.

@twhtanghk

For your information, the following is mentioned in section 2.3.1 of RFC 6749.

   Including the client credentials in the request-body using the two
   parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
   to directly utilize the HTTP Basic authentication scheme (or other
   password-based HTTP authentication schemes).  The parameters can only
   be transmitted in the request-body and MUST NOT be included in the
   request URI.
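
The two client authentication styles discussed in this thread, side by side, as an added example that is not part of the thread or of node-oauth (function names and sample values are hypothetical and constructed). It also applies the step RFC 6749 section 2.3.1 requires for Basic authentication: the client id and secret are form-urlencoded before Base64, so a secret containing `:` survives the round trip.

```javascript
// Added example, not node-oauth code. All names and values are hypothetical.

// application/x-www-form-urlencoded encoding/decoding of a single value.
function formEncode(value) {
  return new URLSearchParams({ v: value }).toString().slice(2);
}
function formDecode(value) {
  return new URLSearchParams('v=' + value).get('v');
}

// Build the token request for the authorization_code grant.
// authMethod: 'basic' (Authorization header) or 'body' (form parameters).
function buildTokenRequest(client, code, redirectUri, authMethod) {
  const params = { grant_type: 'authorization_code', code, redirect_uri: redirectUri };
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (authMethod === 'basic') {
    // Encode each part first so ':' inside the secret cannot split the pair.
    const userpass = formEncode(client.id) + ':' + formEncode(client.secret);
    headers['Authorization'] = 'Basic ' + Buffer.from(userpass, 'utf8').toString('base64');
  } else if (authMethod === 'body') {
    params.client_id = client.id;
    params.client_secret = client.secret;
  } else {
    throw new Error('unknown authMethod: ' + authMethod);
  }
  return { headers, body: new URLSearchParams(params).toString() };
}

// Server-side view: recover client credentials from a Basic header.
// Returns null for anything else, e.g. the "Bearer undefined" value above.
function parseBasicClientAuth(headerValue) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(headerValue || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { id: formDecode(decoded.slice(0, sep)), secret: formDecode(decoded.slice(sep + 1)) };
}

// Constructed sample: the secret contains ':', a space and '+' on purpose.
const client = { id: 'demo-client', secret: 's3cr:et value+1' };
const basic = buildTokenRequest(client, 'AUTHCODE', 'https://app.example/cb', 'basic');
const inBody = buildTokenRequest(client, 'AUTHCODE', 'https://app.example/cb', 'body');
console.log(basic.headers.Authorization);
console.log(parseBasicClientAuth(basic.headers.Authorization));
console.log(inBody.body);
```

With `'basic'` the secret never appears in the request body, which keeps it out of any request-body logging on the path to the token endpoint.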