[Koha-bugs] [Bug 23146] Add support for Basic auth on the OAuth2 token endpoint

bugzilla-daemon at bugs.koha-community.org
Wed Jun 19 13:44:18 CEST 2019


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23146

--- Comment #4 from Kyle M Hall <kyle at bywatersolutions.com> ---
Created attachment 90778 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90778&action=edit
Bug 23146: Add support for Basic auth on the OAuth2 token endpoint

The original implementation only contemplated the option to pass the
client_id and client_secret on the request body. It is very common that
clients expect to be able to pass them as a Basic authorization header:

Authorization: Basic encode_base64(client_id:client_secret)

This patch introduces support for this, by:
- Adding a check for the presence of the Authorization header in the
OAuth token request handling code and making that case extract the
client_id and client_secret from the header instead of the original
implementation. No behaviour changes.
- The Auth#under sub is changed so it doesn't go through the
authenticate_api_request chain step, as it would be in conflict with
general Basic authentication.
- Original tests are generalized so they are run in both ways, with the
same expected results.

To test:
- Apply the unit tests patch
- Run:
  $ kshell
  k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the current API doesn't support the feature
- Apply this patch
- Run:
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D

Sponsored-by: ByWater Solutions

Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
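
The credential extraction described in this commit message, sketched as an added example that is not Koha's code: the helper name `extract_client_credentials`, its error strings and the sample values are hypothetical. Rejecting a malformed header instead of falling back to the body is a choice made in this example, not something the patch states.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Hypothetical helper (not Koha code). Takes the Authorization header value
# (may be undef) and a hashref of body parameters.
# Returns (client_id, client_secret) or dies with a short reason.
sub extract_client_credentials {
    my ( $authorization, $body ) = @_;

    # No Authorization header: credentials come from the request body.
    unless ( defined($authorization) && length($authorization) ) {
        die "missing client credentials\n"
          unless defined( $body->{client_id} ) && defined( $body->{client_secret} );
        return ( $body->{client_id}, $body->{client_secret} );
    }

    # A header is present, so it must be well-formed Basic. decode_base64
    # silently skips invalid characters, hence the strict match up front.
    # Assumption of this example: never fall back to the body in this case.
    my ($b64) = $authorization =~ m{\ABasic +([A-Za-z0-9+/]+={0,2})\z}i
      or die "unsupported or malformed Authorization header\n";
    die "invalid base64 length\n" if length($b64) % 4;

    # Split on the first colon only: the secret may itself contain ':'.
    my ( $id, $secret ) = split /:/, decode_base64($b64), 2;
    die "missing client_id or client_secret\n"
      unless defined($secret) && length($id) && length($secret);

    return ( $id, $secret );
}

# Constructed sample requests (all values are made up).
my @cases = (
    [ 'Basic ' . encode_base64( 'my-id:s3cr:et', '' ), {} ],
    [ undef, { client_id => 'my-id', client_secret => 's3cr:et' } ],
    [ 'Basic ' . encode_base64( 'no-colon', '' ), {} ],
    [ 'Bearer abc', { client_id => 'my-id', client_secret => 'x' } ],
);
for my $case (@cases) {
    my ( $id, $secret ) = eval { extract_client_credentials(@$case) };
    print defined($id) ? "ok: id=$id secret=$secret\n" : "rejected: $@";
}
```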
