You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for pulling together this excellent OAuth package. I've been working on an OAuth integration this evening and spent an hour or so banging my head against a 401 unauthorized response. I compared the request being sent by this package against a (successful) Postman request and saw that the only different was how the client_idand code were being sent. Postman sends the credentials as HTTP Basic Auth headers whilst currently your package sends as query params. Whilst I think this should work, the OAuth provides wasn't happy. I spotted your fix to #128 had been merged to master, though not yet released. If I pin my dependency to your master branch then the 401 error is immediately resolved. To avoid other people potentially bumping into this in the future, and indeed so I can avoid referencing your master branch, could your fix be released officially?
Thanks again!
The text was updated successfully, but these errors were encountered:
It's a simple workaround, but in case it's of use to anyone else, I used this in my custom strategy:
def get_token(client, params, headers) do
client
|> put_header("accept", "application/json")
|> put_header("Authorization", "Basic #{get_token_basic_auth()}")
|> OAuth2.Strategy.AuthCode.get_token(params, headers)
end
defp get_token_basic_auth do
[@client_id, @client_secret] # these are module attributes here as I'm only testing with a sandbox
|> Enum.join(":")
|> Base.encode64()
end
Edit: when looking through client.ex I noticed it already has a basic_auth function, so this is all I needed:
def get_token(client, params, headers) do
client
|> put_header("accept", "application/json")
|> basic_auth()
|> OAuth2.Strategy.AuthCode.get_token(params, headers)
end
Hi Sonny,
Thanks for pulling together this excellent OAuth package. I've been working on an OAuth integration this evening and spent an hour or so banging my head against a
401 unauthorized
response. I compared the request being sent by this package against a (successful) Postman request and saw that the only different was how theclient_id
andcode
were being sent. Postman sends the credentials as HTTP Basic Auth headers whilst currently your package sends as query params. Whilst I think this should work, the OAuth provides wasn't happy. I spotted your fix to #128 had been merged to master, though not yet released. If I pin my dependency to yourmaster
branch then the401
error is immediately resolved. To avoid other people potentially bumping into this in the future, and indeed so I can avoid referencing yourmaster
branch, could your fix be released officially?Thanks again!
The text was updated successfully, but these errors were encountered: