Open Larsundso opened 1 month ago
Discord's OAuth2 Token Revocation URL only accepts `Basic` auth as per RFC7709 standard.
According to the docs:

> All calls to the OAuth2 endpoints require either HTTP Basic authentication or `client_id` and `client_secret` supplied in the form data body.

And I can confirm this works because I'm using the revoke endpoint (on logout) with the client id/secret in the body. So if you need a workaround, you can pass it in the body.
But yeah, I agree nirn-proxy should support (ignore?) basic auth headers.
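
The two client-authentication styles from the docs quote above, built side by side as an added example (not code from the issue or from nirn-proxy). The function names and the `nirn.example` base URL in the comment are assumptions; the `body` mode is the workaround this comment describes.

```javascript
// Added example: builds the revocation request in either client-authentication
// style. Nothing is sent; pass the result to fetch() or another HTTP client.
const REVOKE_PATH = '/oauth2/token/revoke'; // Discord's token revocation route

// baseUrl is the API root, e.g. a proxy at http://nirn.example:8080/api (constructed).
// params is the form payload, e.g. { token, token_type_hint }.
function buildRevokeRequest(baseUrl, clientId, clientSecret, params, mode) {
  const form = new URLSearchParams(params);
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };

  if (mode === 'basic') {
    // Credentials travel in the Authorization header.
    const creds = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
    headers.Authorization = `Basic ${creds}`;
  } else if (mode === 'body') {
    // Credentials travel in the form body; no Authorization header at all.
    form.set('client_id', clientId);
    form.set('client_secret', clientSecret);
  } else {
    throw new Error(`unknown mode: ${mode}`);
  }

  return {
    url: baseUrl.replace(/\/+$/, '') + REVOKE_PATH,
    method: 'POST',
    headers,
    body: form.toString(),
  };
}

// Reads the client credentials back out of a built request, the way a
// receiving server would, to show both styles carry the same values.
function extractClientCredentials(req) {
  const auth = req.headers.Authorization;
  if (auth && auth.startsWith('Basic ')) {
    const decoded = Buffer.from(auth.slice(6), 'base64').toString('utf8');
    const sep = decoded.indexOf(':'); // split on the first ':' only
    if (sep === -1) return null;
    return { clientId: decoded.slice(0, sep), clientSecret: decoded.slice(sep + 1) };
  }
  const form = new URLSearchParams(req.body);
  if (!form.has('client_id') || !form.has('client_secret')) return null;
  return { clientId: form.get('client_id'), clientSecret: form.get('client_secret') };
}
```

In `body` mode the client secret is part of the request body, so any request logging between the application and Discord should exclude or redact form bodies for this route.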
Why is that important?
Discord's OAuth2 Token Revocation URL only accepts `Basic` auth as per RFC7709 standard. Nirn should support this edge case for full API coverage.

Code to reproduce (djs)
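```js
import { REST, Routes, makeURLSearchParams } from 'discord.js';

// NIRN_URL, APP_ID, APP_SECRET and REFRESH_TOKEN are placeholders.
// The REST client targets the nirn-proxy instance instead of Discord directly.
const rest = new REST({ api: NIRN_URL });

const revoke = (applicationId, applicationSecret, body) => {
  return rest.post(Routes.oauth2TokenRevocation(), {
    body: makeURLSearchParams(body),
    passThroughBody: true,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      // Client credentials sent as HTTP Basic auth
      'Authorization': `Basic ${Buffer.from(`${applicationId}:${applicationSecret}`).toString('base64')}`,
    },
    auth: false, // do not attach the REST client's own token
  });
};

console.log(await revoke(APP_ID, APP_SECRET, { token: REFRESH_TOKEN, token_type_hint: 'refresh_token' }));
```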
Actual Result