/oauth2/token endpoint parameter validate. #102
Comments
I'd like to have a go at this one if that's possible. |
Describe the bug
I get an error when access
To Reproduce
{
  "error": "invalid_client"
}
Debug the code: When I post with When I post without
Expected behavior
Please see RFC-6749 section-4.1.3.
The request header has Client Certificate. If the client post with |
Don't carry parameters clientId inside the header, ohhhhhhhh |
@lizhongyue248 How are you testing the token request? Are you using a specific oauth2 client library or doing it manually, e.g. curl? FYI, the oauth2-integration sample works, which uses Spring Security 5.x client. If you are testing manually, e.g. curl, then you are likely not creating a valid token request. You really should be using an oauth2 client library instead. |
@louiemondot Thanks for the offer on looking into this. Let's hold off for now until we figure out if this is an issue or not. |
@jgrandja Hi, I test api by Most of the time we need to adapt other oauth2 clients, so it is necessary to have the authorization server decode Base64 instead of letting the client decode. And this:
|
You can use any oauth2 client library - you do not need to use Spring Security oauth2 client. The authorization server should work with any oauth2 client library. Regarding your comment
Mutual TLS client authentication has not been implemented as of yet so this won't work with current version. Only HTTP Basic is implemented. I'm going to close this as the authorization server is implemented to spec and will (should) work with any oauth2 client library (as long as it is implemented to spec as well). |
Describe the bug
/oauth2/token endpoint parameter code url decode.
To Reproduce
code from /oauth2/authorize endpoint redirect url parameters. The code is Iz5jWzV00fcxhIAomMff_COjDsU8o_ifiLrdZK9U4wY%3D
/oauth2/token, it will give me an error Iz5jWzV00fcxhIAomMff_COjDsU8o_ifiLrdZK9U4wY%3D, the right code is Iz5jWzV00fcxhIAomMff_COjDsU8o_ifiLrdZK9U4wY=. And use new code to post, it works.
Expected behavior
I will get the code from url parameter. The code will be encoded by Base64StringKeyGenerator. I expect spring security to help me decode the code parameter, otherwise every client must decode it. Maybe I can decode it when not null, or let me customize codeGenerator.
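Added example, not part of the thread or of Spring Authorization Server: a Python sketch of the client-side handling this issue turns on, where the code is percent-decoded once when read from the redirect and encoded once again by the form encoder in an RFC 6749 section 4.1.3 token request using HTTP Basic client authentication. The callback URL, client credentials and function names are assumptions; only the code value is taken from the report.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit

# Constructed redirect; only the code value comes from the issue report.
REDIRECT = ("https://client.example/callback"
            "?code=Iz5jWzV00fcxhIAomMff_COjDsU8o_ifiLrdZK9U4wY%3D&state=xyz")


def code_from_redirect(redirect_url):
    """Return the authorization code, percent-decoded exactly once."""
    params = parse_qs(urlsplit(redirect_url).query, strict_parsing=True)
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Build headers and form body for the token request (RFC 6749 4.1.3)."""
    # urlencode() percent-encodes each value, so '=' goes out as %3D once.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    })
    # HTTP Basic client authentication (RFC 6749 2.3.1): form-encode the
    # id and secret, join with ':', then Base64 the pair.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, body


def server_view(form_body):
    """Parameters as a form-decoding server reads them (decoded once)."""
    return {k: v[0] for k, v in parse_qs(form_body).items()}


if __name__ == "__main__":
    good = code_from_redirect(REDIRECT)
    _, body = build_token_request(good, "https://client.example/callback",
                                  "demo-client", "demo-secret")
    print(server_view(body)["code"])  # matches the issued code
    # Copying the raw, still-encoded value gets it encoded a second time.
    raw = REDIRECT.split("code=")[1].split("&")[0]
    print(server_view(urlencode({"code": raw}))["code"])  # still ends in %3D
```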