feat: remove query escaping of base64 encoded credentials

petexchai · petexchai · commit e011882264de · 2023-11-10T13:53:50.000Z
diff --git a/internal/token.go b/internal/token.go
@@ -196,7 +196,9 @@ func newTokenRequest(tokenURL, clientID, clientSecret string, v url.Values, auth
 	}
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	if authStyle == AuthStyleInHeader {
-		req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
+		// NOTE: This should be query-escaped, however the Aviva OAuth
+		// server does not accept query-escaped credentials.
+		req.SetBasicAuth(clientID, clientSecret)
 	}
 	return req, nil
 }
diff --git a/oauth2_test.go b/oauth2_test.go
@@ -74,7 +74,7 @@ func TestAuthCodeURL_Optional(t *testing.T) {
 
 func TestURLUnsafeClientConfig(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if got, want := r.Header.Get("Authorization"), "Basic Q0xJRU5UX0lEJTNGJTNGOkNMSUVOVF9TRUNSRVQlM0YlM0Y="; got != want {
+		if got, want := r.Header.Get("Authorization"), "Basic Q0xJRU5UX0lEPz86Q0xJRU5UX1NFQ1JFVD8/"; got != want {
 			t.Errorf("Authorization header = %q; want %q", got, want)
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,9 @@ func newTokenRequest(tokenURL, clientID, clientSecret string, v url.Values, auth`
`196`	`196`	`}`
`197`	`197`	`req.Header.Set("Content-Type", "application/x-www-form-urlencoded")`
`198`	`198`	`if authStyle == AuthStyleInHeader {`
`199`		`- req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))`
	`199`	`+ // NOTE: This should be query-escaped, however the Aviva OAuth`
	`200`	`+ // server does not accept query-escaped credentials.`
	`201`	`+ req.SetBasicAuth(clientID, clientSecret)`
`200`	`202`	`}`
`201`	`203`	`return req, nil`
`202`	`204`	`}`
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ func TestAuthCodeURL_Optional(t *testing.T) {`
`74`	`74`
`75`	`75`	`func TestURLUnsafeClientConfig(t *testing.T) {`
`76`	`76`	`ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
`77`		`- if got, want := r.Header.Get("Authorization"), "Basic Q0xJRU5UX0lEJTNGJTNGOkNMSUVOVF9TRUNSRVQlM0YlM0Y="; got != want {`
	`77`	`+ if got, want := r.Header.Get("Authorization"), "Basic Q0xJRU5UX0lEPz86Q0xJRU5UX1NFQ1JFVD8/"; got != want {`
`78`	`78`	`t.Errorf("Authorization header = %q; want %q", got, want)`
`79`	`79`	`}`
`80`	`80`