optimizely / agent

Agent service for Optimizely Feature Experimentation and Optimizely Full Stack (legacy)
Apache License 2.0

Unable to use /oauth/token since version 2.0.0 #345

Closed LieneJansone closed 1 year ago

LieneJansone commented 2 years ago

There is an issue with authentication using Issuer & Validator scheme since version 2.0.0.

Issue description: oauth/token endpoint is expecting Content-Type: application/json here, but auth service is expecting Content-Type: application/x-www-form-urlencoded here

To reproduce:

1. Not passing `Content-Type` header => returns `415` error code

```python
#!/usr/bin/python3

import json
import requests
import sys

s = requests.Session()
s.headers.update({'X-Optimizely-SDK-Key': "mySDKkey"})

# No Content-Type is set explicitly; requests form-encodes the dict passed as data=
resp = s.post('http://localhost:8080/oauth/token', data={
    "grant_type": "client_credentials",
    "client_id": "myclientID",
    "client_secret": "myclientSecret",
})

print(resp)
```

2. Passing `Content-Type: application/json` header => returns `400` error code

```python
#!/usr/bin/python3

import json
import requests
import sys

s = requests.Session()
s.headers.update({'X-Optimizely-SDK-Key': "mySDKkey"})
s.headers.update({'Content-Type': 'application/json'})

# The header says JSON, but data= still sends a form-encoded body
resp = s.post('http://localhost:8080/oauth/token', data={
    "grant_type": "client_credentials",
    "client_id": "myclientID",
    "client_secret": "myclientSecret",
})

print(resp)
```


We are using a custom build image with a workaround of removing `contentTypeMiddleware` from [here](https://github.com/optimizely/agent/blob/master/pkg/routers/api.go#L155)

Could this be looked into please? :)

Tamara-Barum commented 1 year ago

Closing as this was fixed in PR 346
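
The mismatch reported in this issue, modeled as an added example (not code from the Optimizely Agent repository and not the fix from PR 346): a JSON-only content-type middleware wrapped around a token handler that reads form parameters yields `415` for a form body and `400` for a JSON header, while the same handler without the middleware accepts the form-encoded request that RFC 6749 specifies for the client credentials grant. `requireJSON`, `tokenHandler` and `status` are hypothetical names, and the token value is a constructed placeholder.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// requireJSON is a hypothetical stand-in for a JSON-only content-type middleware.
func requireJSON(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
			http.Error(w, "unsupported media type", http.StatusUnsupportedMediaType)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// tokenHandler is a hypothetical token endpoint that reads form parameters.
func tokenHandler(w http.ResponseWriter, r *http.Request) {
	// ParseForm only decodes the body when Content-Type is x-www-form-urlencoded.
	if err := r.ParseForm(); err != nil || r.PostForm.Get("grant_type") != "client_credentials" {
		http.Error(w, "invalid request", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"access_token":"constructed-placeholder","token_type":"bearer"}`)
}

// status posts a form-encoded client_credentials body with the given Content-Type.
func status(h http.Handler, contentType string) int {
	body := url.Values{"grant_type": {"client_credentials"},
		"client_id": {"myclientID"}, "client_secret": {"myclientSecret"}}.Encode()
	req := httptest.NewRequest(http.MethodPost, "/oauth/token", strings.NewReader(body))
	req.Header.Set("Content-Type", contentType)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	const form, jsonCT = "application/x-www-form-urlencoded", "application/json"
	wrapped := requireJSON(http.HandlerFunc(tokenHandler))
	// Wrapped with form body, wrapped with JSON header, unwrapped with form body.
	fmt.Println(status(wrapped, form), status(wrapped, jsonCT), status(http.HandlerFunc(tokenHandler), form)) // 415 400 200
}
```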