search

cli / oauth

A library for performing OAuth Device flow and Web application flow in Go client apps.
https://pkg.go.dev/github.com/cli/oauth
MIT License
466 stars 65 forks source link

Device Flow does not work with JSON Responses #27

Closed ShivanshVij closed 2 years ago

ShivanshVij commented 2 years ago

I've been testing this library out with the device code flow feature in the Dex Authorization framework (https://github.com/dexidp/dex) and it doesn't seem to work properly.

After digging into the code a little bit, I realized that this library expects the response to be encoded as a form. If it does not receive a response in that form, it falls back to the webapp flow.

However, the official RFC for the Device Code flow explicitly expects a JSON response.

Would a PR that allows for both response types be welcome?

ShivanshVij commented 2 years ago

Closing because this isn't actually a bug from this library, it's a bug in Dex. This library does check if the encoding is a JSON response type, Dex is just not appending that header in the response.