Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify auth_scheme: :request_body for oauth2 v2.x compatibility #26

Merged
merged 2 commits into from May 18, 2023
Merged

Specify auth_scheme: :request_body for oauth2 v2.x compatibility #26

merged 2 commits into from May 18, 2023

Conversation

excid3
Copy link
Contributor

@excid3 excid3 commented May 18, 2023

The oauth2 gem switched the default auth_scheme in v2 from :request_body to :basic_auth. This caused an "Invalid Credentials" error when requesting the auth token because client_id and client_secret params were not included in the requests.

This is a backwards compatible change that will work with oauth2 v1.x and v2.x.

https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.11/lib/oauth2/client.rb?ref_type=tags#L44
https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/lib/oauth2/client.rb?ref_type=tags#L46

For anyone curious, the auth_scheme determines how the authentication params or headers are included in the token request. Since this is now basic_auth unless specified, the client_id and client_secret were not included in params. https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/lib/oauth2/authenticator.rb?ref_type=tags#L24

Fixes #25

@excid3
Specify auth_scheme: :request_body for oauth2 v2.x compatibility
3125f59 
The oauth2 gem switched the default auth_scheme in v2 from `:request_body`
to `:basic_auth`. This caused an "Invalid Credentials" error when
requesting the auth token because client_id and client_secret params
were not included in the requests.

This is a backwards compatible change that will work with oauth2 v1.x and v2.x.

https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.11/lib/oauth2/client.rb?ref_type=tags#L44
https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/lib/oauth2/client.rb?ref_type=tags#L46
@excid3 excid3 mentioned this pull request May 18, 2023
Closed
@excid3
Copy link
Contributor Author

excid3 commented May 18, 2023
edited

CI seems broken. I tried adding rubygems: latest to CI but it didn't work with ruby 2.5 and also multi_json complaints in other Ruby versions.

Didn't really want to try and fix CI in this PR, so it should probably be done separately.

cc @andrewsomething

@andrewsomething andrewsomething mentioned this pull request May 18, 2023
Merged
andrewsomething
andrewsomething approved these changes May 18, 2023
View reviewed changes
Copy link
Member

@andrewsomething andrewsomething left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙏 Thanks @excid3!

@andrewsomething andrewsomething merged commit 8ff5b81 into digitalocean:main May 18, 2023
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewsomething andrewsomething andrewsomething approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Access token request is missing client id and secret
2 participants
@excid3 @andrewsomething