The client obtains an access token from the authorization server by m…

…aking an HTTP POST request to the token endpoint (not GET).
jeremy · Apr 25, 2010 · 8466973 · 8466973
1 parent d67e48f
commit 8466973
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/lib/oauth2/strategy/web_server.rb b/lib/oauth2/strategy/web_server.rb
@@ -10,7 +10,7 @@ def authorize_params(options = {}) #:nodoc:
       # in order to successfully verify your request for most OAuth 2.0
       # endpoints.
       def get_access_token(code, options = {})
-        response = @client.request(:get, @client.access_token_url, access_token_params(code, options))
+        response = @client.request(:post, @client.access_token_url, access_token_params(code, options))
         params   = Rack::Utils.parse_query(response)
         token    = params['access_token']
         OAuth2::AccessToken.new(@client, token)
@@ -30,4 +30,4 @@ def access_token_params(code, options = {}) #:nodoc:
       end
     end
   end
-end
+end
diff --git a/spec/oauth2/strategy/web_server_spec.rb b/spec/oauth2/strategy/web_server_spec.rb
@@ -5,7 +5,7 @@
     cli = OAuth2::Client.new('abc','def', :site => 'http://api.example.com')
     cli.connection.build do |b|
       b.adapter :test do |stub|
-        stub.get('/oauth/access_token?code=sushi&client_id=abc&client_secret=def&type=web_server') do |env| 
+        stub.post('/oauth/access_token?code=sushi&client_id=abc&client_secret=def&type=web_server') do |env| 
           [200, {}, 'a=1&access_token=salmon']
         end
       end
@@ -42,4 +42,4 @@
       @access.token.should == 'salmon'
     end
   end
-end
+end