Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

All OAuth2 access token request body parameters should be URL-encoded #22

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

zachelrath
Copy link

According to the OAuth 2 spec, section 4.1.3, parameters sent in the Access Token Request body should be URL encoded. Currently the logic in node-oauth-shim is explicitly not encoding parameter values except for redirect_uri, which causes problems when parameters such as client_id or client_secret contain characters that must be URL encoded, and which target token endpoints are expecting to receive URL-encoded.

@MrSwitch
Copy link
Owner

This is going to take a little while to go through and test it isn't breaking for some services supported by hellojs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants