thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License

Invalid client (Client authentication failed) when secret contains special characters #1305

Closed bl0up closed 1 year ago

bl0up commented 1 year ago

Hello,

I am trying to authenticate on a server that runs oauth2-server and implements the authorization code grant mechanism.

On my website, there is a login button that redirects users to their authentication page. There, users can enter their credentials and if they are correct, they can enter my website. This is implemented using next-auth.

Everything works fine if the secret that the admin of the oauth2-server provides does not contain any special characters (e.g. AB20Cde4). However, when special characters are added to the secret (e.g. AB20-Cde-4), authentication fails and I receive the following error message:

[Screenshot 2022-10-10 at 12:20:08: the "Invalid client (Client authentication failed)" error]

Are there any limitations to the characters that can be used in a client secret or is it more likely related to the package I am using on the client side?

Sephster commented 1 year ago

I don't think there are limitations but the important thing to note is that the validation of a client is handled by code you have implemented. I suspect that there might be some decoding needed in your implementation of the ClientRepository as next is correctly encoding special characters.

If you review your ClientRepository and look at the function validateClient() in particular, you should be able to ascertain what is being sent to this function by next and act accordingly.

I hope this is helpful. Please do let me know if this works out for you.
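To make the advice above concrete, here is an added example of a `ClientRepository` whose `validateClient()` compares the secret it actually receives against a stored hash. This is illustrative code written for this issue, not code from the oauth2-server project; it assumes a Composer autoloader at `vendor/autoload.php`, the `ClientRepositoryInterface` and `ClientEntityInterface` from `League\OAuth2\Server`, and a constructed in-memory client table. The `ExampleClient` and `ExampleClientRepository` classes and the `candidates()` helper are names chosen for the example. RFC 6749 section 2.3.1 requires a client that sends credentials in the HTTP Basic header to form-urlencode the `client_id` and `client_secret` first, so a secret containing reserved characters can arrive percent-encoded depending on the client library; the repository checks the raw value and, only if it differs, the decoded one.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumed Composer autoloader

use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;

// Minimal client entity for the example (not the library's own entity class).
final class ExampleClient implements ClientEntityInterface
{
    public function __construct(
        private string $identifier,
        private string $name,
        private string|array $redirectUri,
        private bool $confidential,
    ) {
    }

    public function getIdentifier(): string { return $this->identifier; }
    public function getName(): string { return $this->name; }
    public function getRedirectUri(): string|array { return $this->redirectUri; }
    public function isConfidential(): bool { return $this->confidential; }
}

// Example repository backed by a constructed in-memory table:
// client_id => ['entity' => ExampleClient, 'secret_hash' => password_hash(...) or null].
final class ExampleClientRepository implements ClientRepositoryInterface
{
    /** @param array<string, array{entity: ExampleClient, secret_hash: ?string}> $clients */
    public function __construct(private array $clients)
    {
    }

    public function getClientEntity(string $clientIdentifier): ?ClientEntityInterface
    {
        return $this->clients[$clientIdentifier]['entity'] ?? null;
    }

    public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool
    {
        $client = $this->clients[$clientIdentifier] ?? null;
        if ($client === null) {
            return false; // unknown client_id
        }
        if (!$client['entity']->isConfidential()) {
            return true; // public client: no secret is expected
        }
        if ($clientSecret === null || $clientSecret === '' || $client['secret_hash'] === null) {
            return false; // confidential client must present a secret
        }

        // Try the secret exactly as received, then its form-urldecoded form if that differs.
        // password_verify() hashes the candidate and compares in constant time, so the
        // stored value is never a plain-text secret.
        foreach (self::candidates($clientSecret) as $candidate) {
            if (password_verify($candidate, $client['secret_hash'])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the received secret and, when it contains percent-escapes, the decoded form.
     * @return list<string>
     */
    public static function candidates(string $secret): array
    {
        $decoded = rawurldecode($secret);
        return $decoded === $secret ? [$secret] : [$secret, $decoded];
    }
}

// Constructed demo data: one confidential client whose secret contains reserved characters.
$secret = 'AB20-Cde-4/+=';
$repo = new ExampleClientRepository([
    'my-app' => [
        'entity'      => new ExampleClient('my-app', 'My App', 'https://example.com/callback', true),
        'secret_hash' => password_hash($secret, PASSWORD_DEFAULT),
    ],
]);

var_dump($repo->validateClient('my-app', $secret, 'authorization_code'));                // raw secret
var_dump($repo->validateClient('my-app', rawurlencode($secret), 'authorization_code'));  // percent-encoded secret
var_dump($repo->validateClient('my-app', 'wrong', 'authorization_code'));                // rejected
```

The decoding fallback is a diagnostic aid as much as a fix: if only the encoded form verifies, the client library is percent-encoding the secret and the cleaner long-term fix is to decode at the single point where the transport (Basic header versus form body) is known, rather than guessing in the repository. Secrets should be stored hashed and never written to logs while debugging which form arrives; compare the string length or a hash prefix instead.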

Sephster commented 1 year ago

Closing due to lack of response. If you are still having issues with this, please don't hesitate to get back in touch and I will do my best to assist you.