Enable sending OAuth2 callback url x-www-form-encoded

[eli-b]

Python's oauthlib requires that callback urls be x-www-form-urlencoded. Please enable sending the callback url in this way.

[eli-b]

The following issue seems related: #752

[aeneasr]

The OAuth2 Specification is pretty clear on this issue: https://tools.ietf.org/html/rfc6749#section-4.1.3

4.1.3. Access Token Request
The client makes a request to the token endpoint by sending the
following parameters using the "application/x-www-form-urlencoded"
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:

This isn't a feature, it's a bug

[abhijitkane]

@arekkas @eli-b

With the "Request access token locally" option selected, this is the POST /access_token request that's made from the app. The redirect_uri parameter is included in the form data, and the request content type is application/x-www-form-urlencoded.

[aeneasr]

Right, sorry, my bad. In fact, everything was (almost) working fine - except that postman seems to be url encoding special chars in client secrets. For example, the password lidFNXvQOf5eH!$h yields this base64 string YTVkZTRiOWUtOTEyNS00ZmZiLTg2NTMtN2Y3ZTkzMjRjMzM1OmxpZEZOWHZRT2Y1ZUghJTI0aA== which gives, when decoded a5de4b9e-9125-4ffb-8653-7f7e9324c335:lidFNXvQOf5eH!%24h

[czardoz]

@arekkas The RFC says that

The client identifier is encoded using the
   "application/x-www-form-urlencoded" encoding algorithm per
   Appendix B, and the encoded value is used as the username; the client
   password is encoded using the same algorithm and used as the
   password.

https://tools.ietf.org/html/rfc6749#section-2.3.1

[aeneasr]

Again I have to apologize, looks like everything is working as specified :)