node-oauth-shim icon indicating copy to clipboard operation
node-oauth-shim copied to clipboard

Published 20 hours ago verified publisher icon MrSwitch

All OAuth2 access token request body parameters should be URL-encoded

Open zachelrath opened this issue 7 years ago • 1 comments

According to the OAuth 2 spec, section 4.1.3, parameters sent in the Access Token Request body should be URL encoded. Currently the logic in node-oauth-shim is explicitly not encoding parameter values except for redirect_uri, which causes problems when parameters such as client_id or client_secret contain characters that must be URL encoded, and which target token endpoints are expecting to receive URL-encoded.

zachelrath avatar Sep 28 '16 17:09 zachelrath

This is going to take a little while to go through and test it isn't breaking for some services supported by hellojs

MrSwitch avatar Sep 28 '16 18:09 MrSwitch