Skip to content
Snippets Groups Projects
Commit c3aa6a1e authored by Eric Chiang's avatar Eric Chiang
Browse files

server: correctly decode oauth2 basic auth credentials 

Fixes #336
parent 016445b1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 15 additions and 1 deletion
server/http.go
+ 15
1
View file @ c3aa6a1e
...@@ -434,7 +434,21 @@ func handleTokenFunc(srv OIDCServer) http.HandlerFunc { ...@@ -434,7 +434,21 @@ func handleTokenFunc(srv OIDCServer) http.HandlerFunc {
return return
} }
creds := oidc.ClientCredentials{ID: user, Secret: password} decodedUser, err := url.QueryUnescape(user)
if err != nil {
log.Errorf("error decoding user: %v", err)
writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)
return
}
decodedPassword, err := url.QueryUnescape(password)
if err != nil {
log.Errorf("error decoding password: %v", err)
writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)
return
}
creds := oidc.ClientCredentials{ID: decodedUser, Secret: decodedPassword}
var jwt *jose.JWT var jwt *jose.JWT
var refreshToken string var refreshToken string
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment