Support For HTTP Basic Auth hasn't (yet) been officially released

[dvjones89]

Hi Sonny,

Thanks for pulling together this excellent OAuth package. I've been working on an OAuth integration this evening and spent an hour or so banging my head against a 401 unauthorized response. I compared the request being sent by this package against a (successful) Postman request and saw that the only different was how the client_idand code were being sent. Postman sends the credentials as HTTP Basic Auth headers whilst currently your package sends as query params. Whilst I think this should work, the OAuth provides wasn't happy. I spotted your fix to #128 had been merged to master, though not yet released. If I pin my dependency to your master branch then the 401 error is immediately resolved. To avoid other people potentially bumping into this in the future, and indeed so I can avoid referencing your master branch, could your fix be released officially?

Thanks again!

[scrogson]

Excellent! Thanks for pinging me on this. I will work on a new release this week.

[DavidOliver]

I ran into this today. :)

It's a simple workaround, but in case it's of use to anyone else, I used this in my custom strategy:

def get_token(client, params, headers) do
  client
  |> put_header("accept", "application/json")
  |> put_header("Authorization", "Basic #{get_token_basic_auth()}")
  |> OAuth2.Strategy.AuthCode.get_token(params, headers)
end

defp get_token_basic_auth do
  [@client_id, @client_secret]  # these are module attributes here as I'm only testing with a sandbox
  |> Enum.join(":")
  |> Base.encode64()
end

---

Edit: when looking through client.ex I noticed it already has a basic_auth function, so this is all I needed:

def get_token(client, params, headers) do
  client
  |> put_header("accept", "application/json")
  |> basic_auth()
  |> OAuth2.Strategy.AuthCode.get_token(params, headers)
end

[scrogson]

Published 2.0 to hex. Thanks for your patience!