Open ap-wtioit opened 2 years ago
When I tried to set up the omniauth openid_connect in our GitLab instance with client_auth_method `basic`, the secret was sent URL-encoded to the server.

e.g.

```
...
{
  name: "openid_connect",
  ...
  args: {
    ...
    client_auth_method: "basic",
    ...
    client_options: {
      identifier: "our_id",
      secret: "our_p+a+s/s/w+o+r+d"
      ...
    },
    ...
  }
}
...
```

would send the following authorization header to the server: `Basic b3VyX2lkOm91cl9wJTJCYSUyQnMlMkZzJTJGdyUyQm8lMkJyJTJCZA==`

which gives us `our_id:our_p%2Ba%2Bs%2Fs%2Fw%2Bo%2Br%2Bd` instead of `our_id:our_p+a+s/s/w+o+r+d`
Changing client_auth_method to `basic_without_www_form_urlencode` may help.
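The two encodings discussed in this thread, as an added Ruby example that is not code from the issue or from the omniauth_openid_connect gem. The helper names are hypothetical and the credentials are the sample values from the report. RFC 6749 section 2.3.1 specifies form-urlencoding the client ID and secret before Basic encoding, so client and identity provider have to agree on which form is in use.

```ruby
require "uri"

# Sample credentials from the report above (not real secrets).
CLIENT_ID     = "our_id"
CLIENT_SECRET = "our_p+a+s/s/w+o+r+d"

# RFC 6749 section 2.3.1 form: each part is form-urlencoded, then joined
# with ":" and base64-encoded. pack("m0") is strict base64 (no newlines).
def basic_header_form_encoded(id, secret)
  pair = [id, secret].map { |v| URI.encode_www_form_component(v) }.join(":")
  "Basic " + [pair].pack("m0")
end

# Plain HTTP Basic form: raw id and secret, no percent-encoding.
def basic_header_raw(id, secret)
  "Basic " + ["#{id}:#{secret}"].pack("m0")
end

# Hypothetical server-side parser. form_decode selects whether the server
# expects the RFC 6749 form. Returns [client_id, client_secret].
def parse_basic(header, form_decode:)
  scheme, blob = header.to_s.split(" ", 2)
  raise ArgumentError, "not a Basic header" unless scheme&.casecmp?("Basic") && blob
  id, secret = blob.unpack1("m0").split(":", 2) # strict decode, raises on junk
  raise ArgumentError, "missing ':' separator" if secret.nil?
  return [id, secret] unless form_decode
  [id, secret].map { |v| URI.decode_www_form_component(v) }
end

# Compare what each client/server pairing recovers as the secret.
def secret_seen_by_server(client_form_encoded:, server_form_decode:)
  header = if client_form_encoded
             basic_header_form_encoded(CLIENT_ID, CLIENT_SECRET)
           else
             basic_header_raw(CLIENT_ID, CLIENT_SECRET)
           end
  parse_basic(header, form_decode: server_form_decode).last
end

if __FILE__ == $PROGRAM_NAME
  [true, false].product([true, false]).each do |client, server|
    seen = secret_seen_by_server(client_form_encoded: client, server_form_decode: server)
    puts "client_encoded=#{client} server_decodes=#{server} -> #{seen.inspect}"
  end
end
```

Only the matched pairings recover the configured secret; a mismatch in either direction yields a different string, which surfaces as a client authentication failure at the token endpoint.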