golang
Add ability to use non-escaped header auth style
Some OAuth providers do not adhere to the standard of accepting query escaped credentials when using Basic header auth. If your client ID or client secret contains non-standard URL query characters they will be rejected by the OAuth provider.
The current implementation always query escapes the client_id and client_secret:
req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
This PR proposes a new AuthStyle AuthStyleInHeaderNoEscape that will pass the credentials unescaped.
This has been raised several times:
https://github.com/golang/oauth2/issues/251
https://github.com/golang/oauth2/issues/318
https://github.com/golang/oauth2/issues/320
but without this feature this library cannot be used against some key OAuth providers.
This PR replaces https://github.com/golang/oauth2/pull/351 which was raised in an early version of the code.
This PR (HEAD: 04dcc31dfd44a128d8d6759c51c3c22038fb09c9) has been imported to Gerrit for code review.
Please visit https://go-review.googlesource.com/c/oauth2/+/291529 to see it.
Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info
Message from Go Bot:
Patch Set 1:
Congratulations on opening your first change. Thank you for your contribution!
Next steps: A maintainer will review your change and provide feedback. See https://golang.org/doc/contribute.html#review for more info and tips to get your patch through code review.
Most changes in the Go project go through a few rounds of revision. This can be surprising to people new to the project. The careful, iterative review process is our way of helping mentor contributors and ensuring that their contributions have a lasting impact.
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Matt Wielbut:
Patch Set 1:
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Andrii Deinega:
Patch Set 1:
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Andrii Deinega:
Patch Set 1:
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Cody Oss:
Patch Set 1: Code-Review-1
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Andrii Deinega:
Patch Set 1:
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Andrii Deinega:
Patch Set 1:
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
Message from Cody Oss:
Patch Set 1: Code-Review-1
(1 comment)
Please don’t reply on this GitHub thread. Visit golang.org/cl/291529. After addressing review feedback, remember to publish your drafts!
They grew tired of saying no, so they said yes and then just no doing it. I am honestly less than impressed (i gave opinion more than a year ago in the source repo)
