M Hickford 14bc4d79c1 Parse OAuth Authorization header when request omits client secret (#21351) (#21374) ... Backport #21351 This fixes error "unauthorized_client: invalid client secret" when client includes secret in Authorization header rather than request body. OAuth spec permits both: https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1 Clients in possession of a client password MAY use the HTTP Basic authentication scheme ... Alternatively, the authorization server MAY support including the client credentials in the request-body Sanity validation that client id and client secret in request are consistent with Authorization header. Improve error descriptions. Error codes remain the same. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>		2022-10-08 16:53:17 +08:00
..
2fa.go
auth.go	Prevent NPE when cache service is disabled (#19703)	2022-05-21 22:29:49 +08:00
linkaccount.go	Move almost all functions' parameter db.Engine to context.Context (#19748)	2022-05-20 22:08:52 +08:00
main_test.go	Use a struct as test options (#19393)	2022-04-14 21:58:21 +08:00
oauth.go	Parse OAuth Authorization header when request omits client secret (#21351) (#21374)	2022-10-08 16:53:17 +08:00
oauth_test.go	Use DisplayName() instead of FullName in Oauth provider (#19991)	2022-06-16 23:29:54 +01:00
openid.go	Move almost all functions' parameter db.Engine to context.Context (#19748)	2022-05-20 22:08:52 +08:00
password.go	Prevent NPE when cache service is disabled (#19703)	2022-05-21 22:29:49 +08:00
webauthn.go	WebAuthn CredentialID field needs to be increased in size (#20530) (#20555)	2022-07-30 20:16:25 +02:00