Support basic authentication in auth provider userinfo request #2260
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
May 17, 2017 11:04
SpComb
approved these changes
Jun 28, 2017
There was a problem hiding this comment.
Well, my first kontena master login with this failed with a HTTP 400 from the master /cb, but the second try works, so I guess it didn't break kontena cloud master logins ¯\(ツ)/¯
Do not want to actually start reviewing the oauth2 spec and implementations for the use of basic authorization headers for client ID/secrets in whatever part of the flow.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2248
If the config
oauth2.userinfo_requires_basic_authis true, the auth provider client will send client_id + client_secret as basic auth credentials when performing the userinfo/token introspection request.The default behavior when the config value is false is to use the obtained access token as bearer authentication header.