Add a configuration option for the OAuth Endpoint.AuthStyle
#9924
masonelmore started this conversation in Ideas
Replies: 1 comment
Hi @masonelmore, I was wondering if you'd be able to share with us some more information about the setup that you have so that we can have an easier time trying to replicate the issue.
-
Is your feature request related to a problem? Please describe.
The default `Endpoint.AuthStyle` in `golang.org/x/oauth2` can make it difficult to troubleshoot OAuth configurations. If the `AuthStyle` is not configured, `oauth2` attempts to detect how the client ID and client secret should be sent to the IDP. It does this by making a request with the credentials in a header. If that request fails for any reason, it tries again with the credentials in the URL parameters. The problem is, only the error from the second request is returned if both of them fail. In my case, the second failure was always because the auth code was already used. See "Additional context" for more details about my specific issue. See the Endpoint documentation, and how it is implemented in the RetrieveToken function.

Describe the solution you'd like
I would like an option to configure the `Endpoint.AuthStyle` in the OAuth Configuration. For example, a `<select>` element when overriding the default configuration.

Even better would be to default the auth style to what the IDP expects.

Describe alternatives you've considered
I have considered opening an issue in golang/oauth2 about making `RetrieveToken` return both errors.

Additional context
I don't know if this affects other IDPs, but I ran into this problem while troubleshooting an Azure App Registration. All I got from the Portainer debug logs was a message about the auth code already being used.

This didn't make sense to me. The auth code should have only been used once. I ended up creating a simple web server to make it easy for me to step through the code in a debugger. That's when I noticed the auth style auto-detection in the `oauth2` package. I was able to get the error for the first request.

Then it made sense why I saw the other error in the Portainer debug logs.

I was able to fix the App Registration with this new information.
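The masking effect described in the post above, as an added example that is not part of the original discussion and is not Portainer or `golang.org/x/oauth2` code: a standard-library-only Go sketch that mimics the probe (header first, then form parameters, last error returned) against a constructed token endpoint. The names `idp`, `post` and `redeem`, the secrets, and the endpoint burning the code on the first failed attempt are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

var used = map[string]bool{} // auth codes the constructed IDP has already seen
// idp is a constructed token endpoint (assumption): a code is burned on first use, even if client auth fails.
func idp(w http.ResponseWriter, r *http.Request) {
	_, hdr, _ := r.BasicAuth() // empty when the client used the form-parameter style
	code, secret := r.PostFormValue("code"), hdr+r.PostFormValue("client_secret")
	switch {
	case used[code]:
		http.Error(w, "invalid_grant: code already redeemed", 400)
	case secret != "right-secret":
		http.Error(w, "invalid_client: bad client secret", 401)
	default:
		fmt.Fprint(w, `{"access_token":"constructed"}`)
	}
	used[code] = true
}

// post sends one token request with the secret in the Authorization header or in the form body.
func post(code, secret string, inHeader bool) string {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}}
	if !inHeader {
		form.Set("client_secret", secret)
	}
	req := httptest.NewRequest("POST", "/token", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if inHeader {
		req.SetBasicAuth("app", secret)
	}
	rec := httptest.NewRecorder()
	idp(rec, req)
	return strings.TrimSpace(rec.Body.String())
}

// redeem mimics the probe (header, then params, last error wins) unless pinned to the header style.
func redeem(code, secret string, pinned bool) string {
	if out := post(code, secret, true); pinned || !strings.HasPrefix(out, "invalid") {
		return out
	}
	return post(code, secret, false)
}
func main() { fmt.Println(redeem("c1", "wrong-secret", false), "|", redeem("c2", "wrong-secret", true)) }
```

With the probe, the caller is told the code was already redeemed; with the style pinned, the same misconfiguration surfaces as the client-authentication error that actually needs fixing.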