As per https://tools.ietf.org/html/rfc6749#section-2.3.1 client IDs and secrets must be urlencoded in the authorization header. This patch addresses this by wrapping clientID and clientSecret with url.QueryEscape. A dedicated test for unsafe-url client IDs and secrets has been added as well.
Closes#237
Change-Id: I1f277b52caef4932e14147be8fb1712203da51d0
Reviewed-on: https://go-review.googlesource.com/46473
Reviewed-by: JBD <jbd@google.com>
Change I9cfd46787ebfb27cf2775dd3357eb26e089322a3 added
login.microsoft.net as a broken auth header provider. This was meant to
be login.windows.net. This change removes login.microsoft.net and adds
login.windows.net.
Change-Id: I6178053ab5c86b4f38996042384e1f4a139560aa
Reviewed-on: https://go-review.googlesource.com/47250
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Currently the HTTP request does not set the given context.
This change sets the context (if not nil) on the request.
Change-Id: I4bb21636d05050a68ba70ce92f9bf9ba608fbfad
Reviewed-on: https://go-review.googlesource.com/45370
Run-TryBot: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Azure AD applications use login.microsoft.net for token URLs for OAuth
and OpenID Connect. This service expects the OAuth client ID and client
secret in the body of the OAuth exchange request.
Fixes#238
Change-Id: I9cfd46787ebfb27cf2775dd3357eb26e089322a3
Reviewed-on: https://go-review.googlesource.com/47097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Shopify uses URLs in the form my-shop-id.myshopify.com as the endpoints
for its OAuth2 dances.
Change-Id: I73d98ca285991b2f73dd9d8d366d3fdbe249e741
Reviewed-on: https://go-review.googlesource.com/42630
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
CL/23790 breaks the calls to Facebook, adding Facebook
to the brokens list is reported to fix the problem.
Fixesgolang/oauth2#214.
Change-Id: I3b3440de723b4933bc49b5a52698c825affbf643
Reviewed-on: https://go-review.googlesource.com/36633
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Creates a new package called clientcredentials and
adds transport and token information to the internal
package. Also modifies the oauth2 package to make
use of the newly added files in the internal package.
The clientcredentials package allows for token requests
using a "client credentials" grant type.
Fixes https://github.com/golang/oauth2/issues/7
Change-Id: Iec649d1029870c27a2d1023baa9d52db42ff45e8
Reviewed-on: https://go-review.googlesource.com/2983
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Tim Cooper
Aeneas Rekkas (arekkas)
voutasaurus
Bastian Ike
Martin Hoefling
Dave Day
Eric Chiang
Jaana Burcu Dogan
Pablo Lalloni
Marin
Diwaker Gupta
Colin Edwards
Andrew Gerrand
Xudong Zhang
Lucien Stuker
Daniel Kerwin
ttacon
Aaron Torres