search

pilcrowonpaper / oslo

A collection of auth-related utilities
https://oslo.js.org
MIT License
1.06k stars 35 forks source link

OAuth2 pass credentials in url #56

Closed plckr closed 7 months ago

plckr commented 7 months ago

I'm trying to validate the authorization code with the client_secret in the url

Looking at the code, it doesn't seem to be allowed, can you help me?

this is the expected url to validate the code /v1/grant/?grant_type=authorization_code&client_id=[your_developer_id]&redirect_uri=[your_callback_url]&client_secret=[your_client_secret_code]&code=[your_authorization_code]

authenticateWith only has 2 options: request_body or http_basic_auth (default) probably it needs to have a third option to allow it in search params ?

pilcrowonpaper commented 7 months ago

Use request_body - it will send the credentials in a x-www-form-urlencoded request which will send the data as query params