netlify / gotrue

An SWT based API for managing users and issuing SWT tokens.
https://www.gotrueapi.org
MIT License

Sending password as query param #255

Closed awalias closed 2 years ago

awalias commented 4 years ago

Guys, loving the work so far!

- Do you want to request a feature or report a bug? bug / security improvement

- What is the current behavior? As per the README, the /token endpoint expects email and password as query params


but this is not secure; it would be better to send them in the body of the request

- If the current behavior is a bug, please provide the steps to reproduce. Try to send the username and password fields in the body of the request; gotrue complains that there is no user that matches this email

- What is the expected behavior? Should be able to send them via the request body instead of in the URI

- Please mention your Go version, and operating system version. Ubuntu 18.04.4 LTS. go1.13.5

awalias commented 4 years ago

Also, I don't know if the choice of username as the parameter name was deliberate, but it is a mismatch with the email field used in the signup endpoint and in the db schema

awalias commented 4 years ago

FYI, the changes I made on the supabase fork above allow sending the email and password values in the body as JSON. I realized by looking at gotrue-js that you are actually sending the values in the body, but in query format. This change adds some flexibility

suciuvlad commented 4 years ago

+1. Curious about this one too. Any reason why the data is sent as application/x-www-form-urlencoded?

hydroid7 commented 3 years ago

That's simply the OAuth2 Password Grant. Nothing special.
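To make the thread's point concrete, here is an added example (not gotrue's own code) of a /token request parser that accepts the password-grant credentials either as the application/x-www-form-urlencoded body gotrue-js sends or as the JSON body the fork added, while rejecting credentials placed in the query string, where proxies and access logs would record them. `ParseTokenRequest`, `Credentials` and `ErrCredentialsInQuery` are hypothetical names chosen for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"strings"
)
// Credentials carried by an OAuth2 password-grant request to /token.
type Credentials struct {
	Email    string `json:"email"`
	Password string `json:"password"`
}
// ErrCredentialsInQuery: the secret was put in the URL, where access logs, Referer headers and browser history would record it.
var ErrCredentialsInQuery = errors.New("credentials must be sent in the request body, not the query string")
// ParseTokenRequest (hypothetical helper, not gotrue's code) reads password-grant
// credentials from the body, accepting the application/x-www-form-urlencoded
// encoding gotrue-js sends as well as a JSON body, and refuses any copy in the query.
func ParseTokenRequest(r *http.Request) (Credentials, error) {
	q := r.URL.Query()
	for _, k := range []string{"email", "username", "password"} {
		if _, present := q[k]; present {
			return Credentials{}, ErrCredentialsInQuery
		}
	}
	var c Credentials
	ct := r.Header.Get("Content-Type")
	switch {
	case strings.HasPrefix(ct, "application/json"):
		if err := json.NewDecoder(r.Body).Decode(&c); err != nil {
			return Credentials{}, err
		}
	case strings.HasPrefix(ct, "application/x-www-form-urlencoded"):
		if err := r.ParseForm(); err != nil {
			return Credentials{}, err
		}
		c.Email = r.PostForm.Get("email") // PostForm is body-only; r.Form would merge query values back in
		if c.Email == "" {
			c.Email = r.PostForm.Get("username") // the field name the README uses
		}
		c.Password = r.PostForm.Get("password")
	default:
		return Credentials{}, errors.New("unsupported Content-Type: " + ct)
	}
	if c.Email == "" || c.Password == "" {
		return Credentials{}, errors.New("email and password are required")
	}
	return c, nil
}
```

Keeping the query-string check separate from form parsing matters because `r.Form` silently merges URL and body fields, so a parser that reads from it would keep accepting the insecure form of the request.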

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had activity in 1 year. It will be closed in 7 days if no further activity occurs. Thanks!

github-actions[bot] commented 2 years ago

This issue was closed because it had no activity for over 1 year.