[Pairing Adapter] - Allow to specify OAuth Style #866

aszecowka · 2020-02-21T15:04:33Z

In the current implementation, ClientID and ClientSecret are sent as a basic auth in the Authorization header.
Client ID and secret must be urlencoded in the authorization header, according to the RFC 6749 and our library is doing so: golang/oauth2@13449ad

Unfortunately, there are OAuth servers that do not decode those values (https://github.com/cloudfoundry/uaa), and as a result, we will get 401 Unauthorized Response: golang/oauth2#320.

As a workaround, client_id and client_secret can be sent in the body, and then this problem does not occur.

cc := clientcredentials.Config {	
		AuthStyle: oauth2.AuthStyleInParams,
}

Possible solution: Make auth style configurable in the Pairing Adapter via environment variable.

The text was updated successfully, but these errors were encountered:

aszecowka added kind/feature Categorizes issue or PR as related to a new feature. area/management-plane Related to all activities around Management Plane labels Feb 21, 2020

aszecowka added this to the Sprint_X-Team_20 milestone Feb 21, 2020

aszecowka self-assigned this Feb 21, 2020

PK85 closed this as completed Mar 2, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Pairing Adapter] - Allow to specify OAuth Style #866

[Pairing Adapter] - Allow to specify OAuth Style #866

aszecowka commented Feb 21, 2020 •

edited

Loading

[Pairing Adapter] - Allow to specify OAuth Style #866

[Pairing Adapter] - Allow to specify OAuth Style #866

Comments

aszecowka commented Feb 21, 2020 • edited Loading

aszecowka commented Feb 21, 2020 •

edited

Loading