oauth2: basic auth should decode client id and secret
closes #182
Aeneas Rekkas (arekkas) authored and arekkas committed Jun 21, 2017
1 parent c1ab029 commit 92b75d9
Showing 1 changed file with 7 additions and 2 deletions.
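--- a/access_request_handler.go
+++ b/access_request_handler.go
@@ -6,6 +6,7 @@ import (
 "strings"
 
 "github.com/pkg/errors"
+"net/url"
 )
 
 // Implements
@@ -55,9 +56,13 @@ func (f *Fosite) NewAccessRequest(ctx context.Context, r *http.Request, session
 }
 
 // Decode client_id and client_secret which should be in "application/x-www-form-urlencoded" format.
-clientID, clientSecret, ok := r.BasicAuth()
-if !ok {
+var clientID, clientSecret string
+if id, secret, ok := r.BasicAuth(); !ok {
 return accessRequest, errors.Wrap(ErrInvalidRequest, "HTTP authorization header missing or invalid")
+} else if clientID, err = url.QueryUnescape(id); err != nil {
+return accessRequest, errors.Wrap(ErrInvalidRequest, `The client id in the HTTP authorization header could not be decoded from "application/x-www-form-urlencoded"`)
+} else if clientSecret, err = url.QueryUnescape(secret); err != nil {
+return accessRequest, errors.Wrap(ErrInvalidRequest, `The client secret in the HTTP authorization header could not be decoded from "application/x-www-form-urlencoded"`)
 }
 
 client, err := f.Store.GetClient(ctx, clientID)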
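Review bot: Decoding with `url.QueryUnescape` in the second hunk changes the values that reach `f.Store.GetClient` and the later secret check for any client that sends its Basic credentials unencoded: a literal `+` in the id or secret now becomes a space, and a `%` that does not start a valid two-digit hex escape is rejected with ErrInvalidRequest, so such clients stop authenticating. That is the encoding RFC 6749 section 2.3.1 asks for, but the existing comment should spell out the consequence, for example `// RFC 6749 section 2.3.1: id and secret are form-urlencoded before Basic encoding; a raw "+" decodes to a space and a malformed "%" escape is rejected.` A test that authenticates with a secret containing `+`, `%` and `:` would pin the behaviour, since the commit touches only this one file. NewAccessRequest starts and ends outside the hunk, so the declaration of `err` that the two `=` assignments rely on is presumably earlier in the function and is not visible here.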
