Closed GoogleCodeExporter closed 9 years ago
GoogleCodeExporter
commented
9 years ago Attached is a patch which sends basic auth header for every request. Of course,
this would need to be made optional e.g. config flag.Original comment by porj...@yahoo.com.au on 4 Feb 2014 at 10:14
Attachments:
GoogleCodeExporter
commented
9 years ago Shouldn't this be closed as it looks like a patch was submitted to the
repository?
https://code.google.com/p/goauth2/source/detail?r=696c088491246273e92442aa66b528
1e5bb34faaOriginal comment by prat...@referabuyer.com on 5 Jun 2014 at 4:08
GoogleCodeExporter
commented
9 years ago For this commit, it does not work for Dropbox oauth flow. Which raises 400:
err: "Can't use "Authorization" header and "client_secret" arg together."
It would be great if we can pass option in?Original comment by cls...@gmail.com on 5 Aug 2014 at 10:24
GoogleCodeExporter
commented
9 years ago The answer isn't more options.
We should just not send the client_secret at all if servers are required to
support the Authorization header. And indeed, RFC 6749 section 2.3.1 says: "The
authorization server MUST support the HTTP Basic authentication scheme for
authenticating clients that were issued a client password."
Original comment by bradfitz@golang.org on 10 Aug 2014 at 6:02
GoogleCodeExporter
commented
9 years ago Original comment by bradfitz@golang.org on 10 Aug 2014 at 6:02
GoogleCodeExporter
commented
9 years ago Sent https://codereview.appspot.com/123250044
Original comment by bradfitz@golang.org on 12 Aug 2014 at 6:55
GoogleCodeExporter
commented
9 years ago This issue was closed by revision f06a85362aa5.Original comment by bradfitz@golang.org on 12 Aug 2014 at 8:58
GoogleCodeExporter
commented
9 years ago This should be fixed now. Let me know if otherwise.
Original comment by bradfitz@golang.org on 12 Aug 2014 at 8:58
GoogleCodeExporter
commented
9 years ago I Came here to report that GitHub OAuth also doesn't support passing in the
Secret through the Authorization header and fails with "received empty access
token from authorization server" since the serve returns
"incorrect_client_credentials"
(https://developer.github.com/v3/oauth/#common-errors-for-the-authorization-requ
est)
Is there any other way me to revert to the old behaviour instead manually
editing "func providerAuthHeaderWorks(tokenURL string)" to also include
github.com?Original comment by advander...@gmail.com on 27 Aug 2014 at 8:08
GoogleCodeExporter
commented
9 years ago If that's what GitHub requires, then we should update that function
https://codereview.appspot.com/131360043Original comment by a...@golang.org on 27 Aug 2014 at 8:51
GoogleCodeExporter
commented
9 years ago Great!, optionally the error that follows might be improved to provide more
context or it could be handy to somehow refer to this issue in the immediate:
something along the lines "<error>, this might be caused by the server not
following the oAuth2 spec, @see <some link>" it could save future developers
hours of debugging and and additionally might cause those developers to
report failing services so they can be added to the list as soon as possible.Original comment by advander...@gmail.com on 27 Aug 2014 at 9:10
GoogleCodeExporter
commented
9 years ago This issue was updated by revision 9fc9b28b7ffa.
LGTM=bradfitz
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://codereview.appspot.com/131360043
Committer: Brad Fitzpatrick <bradfitz@golang.org>Original comment by a...@golang.org on 27 Aug 2014 at 3:36
GoogleCodeExporter
commented
9 years ago Please do file a separate bug for comment #11. This bug is closed.
I've submitted Andrew's change.
Original comment by bradfitz@golang.org on 27 Aug 2014 at 3:37
Original issue reported on code.google.com by
porj...@yahoo.com.auon 4 Feb 2014 at 7:50