Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to submit client_id & client_secret via Authorization header to token endpoint #16

Open
rcbjBlueMars opened this issue Oct 19, 2023 · 2 comments
Assignees

Comments

@rcbjBlueMars
Copy link
Contributor

No description provided.

@bigfleet
Copy link
Collaborator

@rcbjBlueMars Confirming that you are expecting something of the form:

curl  
-H 'Authorization: Basic 0xFeeDdEAdBeefDeadBeEf' 
--request POST http://host:port/token 
-d '...'

... where the basic header is base64encoded(client_id:client_secret).

The base64 encoding would prevent a 'debugging' of the original client values separately, but could obviously include the encoded content header.

@rcbjBlueMars
Copy link
Contributor Author

I believe that is what we want, yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants