New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: OAuth 2.0 Client Credentials Basic Auth #2164
base: main
Are you sure you want to change the base?
Conversation
8a24c7f
to
684a4bb
Compare
import { useDispatch } from 'react-redux'; | ||
import { humanizeOAuth2ClientSecretMethod } from 'utils/collections'; | ||
|
||
const ClientCredentialsMethodSelector = ({ item, collection, oAuth }) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The same component is used in RequestPane
and in CollectionSettings/Auth
. While the convention in the project seems to be using duplicate, almost identical components, I feel this approach is easier to manage. Perhaps it should be moved into a different location then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seconded - perhaps we should have a shared
components directory
request.data = { | ||
grant_type: 'password', | ||
username, | ||
password, | ||
client_id: clientId, | ||
client_secret: clientSecret, | ||
scope | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am pretty sure the interpolate-vars
has no business updating request.data
like this. The oauth2-helper
knows best what is and what is not to be included in request data, right?
c4c8e2b
to
54527fe
Compare
65cc7cc
to
050b588
Compare
Much Needed! |
050b588
to
6e47aff
Compare
Description
With this change the OAuth2 authorization on request and collection level is now including additional configuration option for handling client credentials when accessing token endpoint. This applies to all currently supported grant_types.
The new default option is to send the credentials as
Authorization: Basic
header:The old behavior to include them in the request body is still available.
resolves #2106
#1003
Contribution Checklist:
Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.
Publishing to New Package Managers
Please see here for more information.