Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to use non-escaped header auth style #476

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add ability to use non-escaped header auth style #476

wants to merge 1 commit into from
+52 −3

Conversation

mwielbut
Copy link

Some OAuth providers do not adhere to the standard of accepting query escaped credentials when using Basic header auth. If your client ID or client secret contains non-standard URL query characters they will be rejected by the OAuth provider.
The current implementation always query escapes the client_id and client_secret:
req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
This PR proposes a new AuthStyle AuthStyleInHeaderNoEscape that will pass the credentials unescaped.
This has been raised several times:
#251
#318
#320
but without this feature this library cannot be used against some key OAuth providers.

This PR replaces #351 which was raised in an early version of the code.

@google-cla google-cla bot added the cla: yes label Feb 12, 2021
@mwielbut mwielbut mentioned this pull request Feb 12, 2021
Closed
@gopherbot
Copy link
Contributor

This PR (HEAD: 04dcc31) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/291529 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Go Bot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://golang.org/doc/contribute.html#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Matt Wielbut:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Cody Oss:

Patch Set 1: Code-Review-1

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@wirtsi wirtsi mentioned this pull request Jun 7, 2021
Open
@gopherbot
Copy link
Contributor

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Cody Oss:

Patch Set 1: Code-Review-1

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

@sfroment
Copy link

Is it planned to merge this at one point ?

@tpihl
Copy link

tpihl commented Jun 15, 2023

They grew tired of saying no, so they said yes and then just no doing it. I am honestly less than impressed (i gave opinion more than a year ago in the source repo)

@bachmanity1 bachmanity1 mentioned this pull request Jun 19, 2024
Closed
@MakotoE
Copy link

MakotoE commented Feb 5, 2025

Thank you for posting this issue 4 years ago. I encountered this when I was trying to use this library with the go-oauth2/oauth2 library. I agree that this suggested feature will be very helpful and should fix my issue.

The relevant section of the RFC for Basic authentication scheme does not mention URL encoding at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glopezjc glopezjc glopezjc approved these changes

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@mwielbut @gopherbot @sfroment @tpihl @MakotoE @glopezjc