badgateway / oauth2-client

OAuth2 client for Node and browsers
https://www.npmjs.com/package/@badgateway/oauth2-client
MIT License

/token: don't send client_id in body #71

Closed bbigras closed 2 years ago

bbigras commented 2 years ago

see: https://github.com/HeroicKatora/oxide-auth/issues/145

Basically, it seems that you should only use Authorization: Basic.

evert commented 2 years ago

Hi @bbigras , I think #72 fixes this and also your other issue (#70).

If a clientSecret is passed in the constructor, we will no longer add clientId and clientSecret to the body; they are both now set in the Authorization: Basic header.

If that works for you, I will close this ticket and release a new version of this package.

bbigras commented 2 years ago

Is there an easy way for me to use your github repo in package.json?

I tried this:

  "dependencies": {
    "@badgateway/oauth2-client": "badgateway/oauth2-client",

but I got:

Failed to resolve entry for package "@badgateway/oauth2-client". The package may have incorrect main/module/exports specified in its package.json: Failed to resolve entry for package "@badgateway/oauth2-client". The package may have incorrect main/module/exports specified in its package.json.

I think I had to run npm install and npm run prepublishOnly in node_modules/@badgateway/oauth2-client.

bbigras commented 2 years ago

> If that works for you, I will close this ticket and release a new version of this package.

It seems to work. Thanks!
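
The behaviour discussed in this thread, as an added example that is not part of the original comments and is not the library's own code: a confidential client sends its credentials only in the Authorization: Basic header (form-encoded first, per RFC 6749 section 2.3.1), while a public client sends client_id in the body. The names buildTokenRequest, formEncode and sendsCredentialsTwice are hypothetical, the credential values are constructed, and the strict server-side check is an assumption about how a token endpoint might enforce "one authentication method per request".

```javascript
// Added illustration; these helpers are hypothetical and not part of
// @badgateway/oauth2-client.

// RFC 6749 section 2.3.1: client_id and client_secret are encoded as
// application/x-www-form-urlencoded before being joined with ":".
const formEncode = (value) => new URLSearchParams({ v: value }).toString().slice(2);

function buildTokenRequest({ clientId, clientSecret }, grantParams) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const body = new URLSearchParams(grantParams);

  if (clientSecret) {
    // Confidential client: credentials travel in the header only.
    const credentials = formEncode(clientId) + ':' + formEncode(clientSecret);
    headers['Authorization'] =
      'Basic ' + Buffer.from(credentials, 'utf8').toString('base64');
    // Strip any copies a caller put in the grant parameters.
    body.delete('client_id');
    body.delete('client_secret');
  } else {
    // Public client: there is no secret, so the server can only
    // identify the client from client_id in the body.
    body.set('client_id', clientId);
  }
  return { headers, body: body.toString() };
}

// Assumed strict check for a token endpoint or a test suite: flag a
// request that presents client credentials in both header and body.
function sendsCredentialsTwice(headers, body) {
  const params = new URLSearchParams(body);
  const hasBasic = /^Basic /i.test(headers['Authorization'] || '');
  return hasBasic && (params.has('client_id') || params.has('client_secret'));
}

// Constructed sample values.
const sample = buildTokenRequest(
  { clientId: 'my-app', clientSecret: 's3cr3t:/+ x' },
  { grant_type: 'authorization_code', code: 'abc', client_id: 'my-app' }
);
console.log(sample.headers['Authorization'], sample.body);
```

Running sendsCredentialsTwice over captured token requests in an integration test is a quick way to confirm a client never puts the secret in the body once the header is in use.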