Missing decode on client basic authentication #50
Assignees
Comments
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/155510328 The labels on this github issue will be updated when the story is started. |
This was referenced Aug 16, 2019
Repository owner
moved this from Inbox
to Done
in Foundational Infrastructure Working Group
Jan 21, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
see cloudfoundry/uaa#778
The RFC for OAuth requires an URL encode in authorization header, see
https://tools.ietf.org/html/rfc6749#section-2.3
The authorization header needs to be
Authorization: Basic base64Encode(urlencode(client_id):urlencode(client_secret))
UAAC does not encode the authorization header. (client)
UAA does not decode the authorization header (server)
Thus this issue does popup in uaac before, however uaac should behave standard conform.
The text was updated successfully, but these errors were encountered: