Parse OAuth Authorization header when request omits client secret (#21351) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	M Hickford <mirth.hickford@gmail.com>	2022-10-07 03:53:49 +0100
committer	GitHub <noreply@github.com>	2022-10-07 10:53:49 +0800
commit	34f509eb7a48e698114261de323834482553a98c (patch)
tree	f3ab567fa99c97b0aafa3833e5c964f7e6679b6b /models/migrations
parent	f09f73d784eb3a51da3d108f8be5116441cbd73d (diff)
download	gitea-34f509eb7a48e698114261de323834482553a98c.tar.gz gitea-34f509eb7a48e698114261de323834482553a98c.zip

Parse OAuth Authorization header when request omits client secret (#21351)

This fixes error "unauthorized_client: invalid client secret" when client includes secret in Authorization header rather than request body. OAuth spec permits both. Sanity validation that client id and client secret in request are consistent with Authorization header. Improve error descriptions. Error codes remain the same. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>

Diffstat (limited to 'models/migrations')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: