connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #239 - URL Encoding in ClientSecretBasic — Bitbucket

Issue #239 invalid

Former user created an issue 2018-04-05

The method toHTTPAuthorizationHeader() in the class ClientSecretBasic doesn't need to url encode the client id and secret. If a secret has a char like '/' which would be url encoded in "%2F", the authorization header would have the wrong value.

Comments (1)

Connect2id OSS
- changed status to invalid
The URL encoding is required for basic auth in OAuth 2.0:

https://tools.ietf.org/html/rfc6749#section-2.3.1
- 2018-04-05T16:50:20+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Milestone: –

Votes: 0

Watchers: None

Jira: the preferred issue tracker for Bitbucket. Join the team!