forked from Mirrors/oauth2
Clarify that client credentials are not passed in the URL
The term "query parameters" suggested that the credentials are passed in the URL which is insecure and is actually not true as the credentials are passed in the request body. See36a7019397/internal/token.go (L196)
Change-Id: Id0a83f8d317fed30e18310b30860000109dafe88 GitHub-Last-Rev:3961bc9aff
GitHub-Pull-Request: golang/oauth2#358 Reviewed-on: https://go-review.googlesource.com/c/157877 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
36a7019397
commit
5dab4167f3
|
@ -31,7 +31,7 @@ var NoContext = context.TODO()
|
||||||
// which doesn't support the HTTP Basic authentication
|
// which doesn't support the HTTP Basic authentication
|
||||||
// scheme to authenticate with the authorization server.
|
// scheme to authenticate with the authorization server.
|
||||||
// Once a server is registered, credentials (client_id and client_secret)
|
// Once a server is registered, credentials (client_id and client_secret)
|
||||||
// will be passed as query parameters rather than being present
|
// will be passed as parameters in the request body rather than being present
|
||||||
// in the Authorization header.
|
// in the Authorization header.
|
||||||
// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
|
// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
|
||||||
func RegisterBrokenAuthHeaderProvider(tokenURL string) {
|
func RegisterBrokenAuthHeaderProvider(tokenURL string) {
|
||||||
|
|
Loading…
Reference in New Issue