truqu / elm-oauth2

OAuth 2.0 client-side utils in Elm
MIT License

bearer should be case insensitive #14

Closed globus68 closed 5 years ago

globus68 commented 5 years ago

Hi truqu! We have been using your elm-oauth2 with great success in our project at work. However, when upgrading to Elm 0.19 and elm-oauth2 4.0 we ran into some trouble. I have traced the problem to the function OAuth.tokenFromString which creates a token when the case ("Bearer", t) holds. However, our Keycloak IDP is sending AuthenticationSuccess using the smallcap "bearer" instead of initcap "Bearer". This made the token creation fail. According to the spec (https://tools.ietf.org/html/rfc6749#section-4.2.2) token type should be case insensitive. My suggestion for a new tokenFromString function:

tokenFromString : String -> Maybe Token
tokenFromString str =
    case ( String.toLower (String.left 6 str), String.dropLeft 7 str ) of
        ( "bearer", t ) ->
            Just (Bearer t)
        _ ->
            Nothing

Keep up the good work! Best regards Vidar Evenrud Seeberg

KtorZ commented 5 years ago

Ho. That's a mistake indeed, but not in the tokenFromString. This one is intended to be used for parsing an authorization header where the case is sensitive.

Though, the makeToken shouldn't use this and should here be case insensitive:

https://github.com/truqu/elm-oauth2/blob/master/src/OAuth.elm#L95

Happy to take PR, or will do later this week :+1:
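
The distinction drawn in this thread, as an added Elm example that is not code from elm-oauth2: the `token_type` field of a token response is matched case-insensitively, while the header parser stays strict as the maintainer describes. The module name, the functions `fromHeader`, `fromResponse`, `nonEmpty` and `checks`, and the local `Token` type are assumptions made for illustration.

```elm
module TokenType exposing (Token(..), checks, fromHeader, fromResponse)

-- Added illustration. The module and function names are hypothetical and
-- are not the elm-oauth2 API; Token mirrors the constructor used in the thread.

type Token
    = Bearer String

-- Authorization header value: kept case-sensitive, as the maintainer describes.
fromHeader : String -> Maybe Token
fromHeader str =
    if String.startsWith "Bearer " str then
        nonEmpty (String.dropLeft 7 str)

    else
        Nothing

-- Token response fields: token_type is lowercased before matching, so
-- "bearer", "Bearer" and "BEARER" are all accepted. A missing token_type or
-- an empty access_token is rejected (a choice made for this example).
fromResponse : Maybe String -> String -> Maybe Token
fromResponse tokenType accessToken =
    case Maybe.map String.toLower tokenType of
        Just "bearer" ->
            nonEmpty accessToken

        _ ->
            Nothing

nonEmpty : String -> Maybe Token
nonEmpty t =
    if String.isEmpty t then
        Nothing

    else
        Just (Bearer t)

-- Constructed inputs, each compared with the result expected for it.
checks : List Bool
checks =
    [ fromResponse (Just "bearer") "abc" == Just (Bearer "abc")
    , fromResponse (Just "BEARER") "abc" == Just (Bearer "abc")
    , fromResponse (Just "mac") "abc" == Nothing
    , fromResponse Nothing "abc" == Nothing
    , fromHeader "Bearer abc" == Just (Bearer "abc")
    , fromHeader "bearer abc" == Nothing
    ]
```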

globus68 commented 5 years ago

Nice, @KtorZ! Regarding PR, I think I will leave this to you, skilled guys. I am way too new in the Elm world, and would probably ruin everything... Happy to report the problem, though :) Best regards Vidar

KtorZ commented 5 years ago

Haha. As you prefer, yet, that's how you learn ;) You make a PR, you get constructive feedback, you feel empowered and make someone happy :)

globus68 commented 5 years ago

Thank you, @KtorZ, I will still like to wait a bit and leave this to you. I will keep my eye on the fix, though, to (for now) learn the suboptimal way :). Maybe I'm in later...

Really appreciate your work (and all other volunteers producing excellent tools for us consumers)!

KtorZ commented 5 years ago

See https://package.elm-lang.org/packages/truqu/elm-oauth2/4.0.1

Thanks for reporting :)

globus68 commented 5 years ago

Nice, thank you for the quick fix :). I will try it out first thing tomorrow!

globus68 commented 5 years ago

Works like a charm, @KtorZ :+1:! Thanks a lot!