feat: allow client-secret to be transported in authorization header

nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2

https://auth.nuxtjs.org

MIT License

1.93k stars 924 forks source link

feat: allow client-secret to be transported in authorization header #1656

Open michelmueller opened 2 years ago

michelmueller commented 2 years ago

Add new property clientSecretTransport with options body and authorization-header to have 2 options for transporting the client-secret

If set to body the client-secret is transported within the payload.

If set to authorization_header the client-secret is only part of the authorization header (Base64 client-id:client-secret). It is not part of the payload anymore.

michelmueller commented 2 years ago

I would recommend to wait for PR #1483 to merge, so I can update and use the new introduced option accordingly.

Intevel commented 2 years ago

I can only approve this changes and would merge it together with PR #1483. Good work @michelmueller 👍

Intevel commented 2 years ago

Did you tested it? @michelmueller

michelmueller commented 2 years ago

Did you tested it? @michelmueller

I testet in with the demo distribution and parts of your branch from #1483 . When #1483 is merged, I will update this PR accordingly and test it again. So nothing should break.