Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decode Basic Auth Credentials #536

Closed
joshuarubin opened this issue Jun 22, 2017 · 3 comments
Closed

Decode Basic Auth Credentials #536

joshuarubin opened this issue Jun 22, 2017 · 3 comments
Assignees
@aeneasr
Labels
bug Something is not working. upstream Issue is caused by an upstream dependency.
Milestone
0.10.0

Comments

@joshuarubin
Copy link

It looks like credentials, both client_id and client_secret, should be percent encoded before combining and base64 encoding them for basic authentication according to https://tools.ietf.org/html/rfc6749#section-2.3.1

I have a few clients that don't work with hydra because they do percent encode but hydra doesn't decode.
@eliasgs
Copy link

eliasgs commented Jun 22, 2017

I experienced this as well, but I don't see urlencoding the credentials mentioned in rfc2617#section-2 (even the example given is just base64 encoded). The formulation in rfc6749#section-2.3.1 seems ambiguous on this point, so in my opinion hydra does the right thing following rfc2617.

On the other hand it's an annoying detail that might have some pragmatic solution?

aeneasr pushed a commit that referenced this issue Jun 22, 2017
oauth2: form-urldecode authorization basic header
7bf2e98 
Closes #536
@aeneasr aeneasr mentioned this issue Jun 22, 2017
Merged
@aeneasr aeneasr added bug Something is not working. upstream Issue is caused by an upstream dependency. labels Jun 22, 2017
@aeneasr aeneasr self-assigned this Jun 22, 2017
@aeneasr aeneasr added this to the 1.0.0: stable release milestone Jun 22, 2017
@aeneasr
Copy link
Member

aeneasr commented Jun 22, 2017

It's been addressed in PR #537 but as you might notice the CI fails sometimes due to golang/oauth2#237

aeneasr pushed a commit that referenced this issue Jun 22, 2017
oauth2: form-urldecode authorization basic header
3aba26a 
Closes #536
aeneasr pushed a commit that referenced this issue Jun 22, 2017
oauth2: form-urldecode authorization basic header
dc84238 
Closes #536
aeneasr pushed a commit that referenced this issue Jun 22, 2017
oauth2: form-urldecode authorization basic header
4e73677 
Closes #536
aeneasr pushed a commit that referenced this issue Jun 22, 2017
@arekkas
oauth2: form-urldecode authorization basic header (#537)
0868e80 
Closes #536
@aeneasr
Copy link
Member

aeneasr commented Jun 23, 2017

This is now resolved, please be aware that golang.org/x/oauth2 does not send client id and secret using urlencoding, my patch for this is here: https://go-review.googlesource.com/c/46473/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
bug Something is not working. upstream Issue is caused by an upstream dependency.
Projects
None yet
Milestone
0.10.0
Development

No branches or pull requests
3 participants
@joshuarubin @eliasgs @aeneasr