https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23146 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #90778|0 |1 is obsolete| | --- Comment #6 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 90780 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90780&action=edit Bug 23146: Add support for Basic auth on the OAuth2 token endpoint The original implementation only contemplated the option to pass the client_id and client_secret on the request body. It is very common that clients expect to be able to pass them as a Basic authorization header: Authorization: Basic encode_base64(client_id:client_secret) This patch introduces support for this, by: - Adding a check for the presence of the Authorization header in the OAuth token request handling code and making that case extract the client_id and client_secret from the header instead of the original implementation. No behaviour changes. - The Auth#under sub is changed so it doesn't go through the authenticate_api_request chain step, as it would be in conflict with general Basic authentication. - Original tests are generalized so they are run in both ways, with the same expected results. To test: - Apply the unit tests patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests fail because the current API doesn't support the feature - Apply this patch - Run: k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.