Yes, you're right. I think this part of the code deserves a refactoring to allow #609, which is essential to progress on the different ways of client authentication.
oauthlib/oauthlib/oauth2/rfc6749/tokens.py
Lines 240 to 257 in b71636e
It would be much more predictable/cleaner if the method either did not fall back to body payload/uri_query on line 255:
oauthlib/oauthlib/oauth2/rfc6749/tokens.py
Lines 254 to 255 in b71636e
or the method was renamed to reflect what it actually does.
Paranoiac mode on: a security issue can slip in through misuse, as the token in headers is for authorization of the request and the token in payload is for introspection/revoke/refresh and can be accidentally used to authorize the request itself:
oauthlib/oauthlib/oauth2/rfc6749/tokens.py
Lines 337 to 344 in ca57b0b
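The ambiguity described in this issue, as an added example that is not oauthlib's code and not part of the original post: a header-named helper that silently falls back to request parameters, next to a strict variant and a variant that reports where the token came from. The `Request` class, the function names and the `access_token` parameter name are assumptions made for illustration, and the token values are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import parse_qsl


@dataclass
class Request:
    """Constructed stand-in for an HTTP request (not oauthlib's Request class)."""
    headers: dict = field(default_factory=dict)
    query: str = ""
    body: str = ""

    def param(self, name: str) -> Optional[str]:
        # Look in the URI query first, then in the form-encoded body.
        for source in (self.query, self.body):
            values = dict(parse_qsl(source))
            if name in values:
                return values[name]
        return None


def bearer_from_header(request: Request) -> Optional[str]:
    """Strict: only an 'Authorization: Bearer <token>' header counts."""
    parts = request.headers.get("Authorization", "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None


def bearer_with_fallback(request: Request) -> Optional[str]:
    """Behaviour the issue objects to: no header means a parameter is used."""
    if "Authorization" in request.headers:
        return bearer_from_header(request)
    return request.param("access_token")  # parameter name is an assumption


def locate_token(request: Request) -> Tuple[Optional[str], Optional[str]]:
    """Return (source, token) so a caller can refuse parameter-borne tokens."""
    token = bearer_from_header(request)
    if token is not None:
        return ("header", token)
    token = request.param("access_token")
    return ("params", token) if token is not None else (None, None)


# Constructed request: no Authorization header, token only in the body.
body_only = Request(body="access_token=constructed-token-123")
print(bearer_with_fallback(body_only), bearer_from_header(body_only))
```

A caller that authorizes requests can require `locate_token(request)[0] == "header"`, which makes the choice explicit instead of depending on what a header-named helper happens to return.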