-
-
Notifications
You must be signed in to change notification settings - Fork 360
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client Credentials Authenticators not compatible with Hydra? #260
Comments
Thank you! Would you be able to provide trace details as well? You can do this by setting |
I think you've hit a Go regression issue. Some time ago they added the ability to auto-detect if the client should send the secrets in the header or in the body. For that, the client basically retries first with header (I think) and then caches the result and tries the body next. So in your case, you're trying the request with the header which is denied. Then, the go oauth2 library caches that, you set the right settings, but due to the cache it tries again with sending it in the body. I think this could be fixed by adding I also believe that if set up correctly right from the start, this issue does not occur which is why tests did not catch this. Could you maybe try the provided code change to see if this resolves your issue? |
That's right, thanks man. I appreciate your quick effort.. |
Just to clarify, the issue was resolved with my findings? In that case I will go ahead and merge the PR. |
Sorry the late, I had to set up the environment. I do confirm that it is fixed. Thanks. |
Describe the bug
I may be missing some configuration, but here is the deal...
I'm trying to use the client_credentials authenticator, calling hydra:444 token endpoint to validation.
But the problem is with the token_endpoint_auth_method, configured in the client. If i set it to client_secret_post, hydra logs will hint me to use the client_secret_basic instead. But if i do so, setting as client_secret_basic, oauthkeeper complains about it, requiring the client_secret_post.
Looks like oauthkeeper are working with two different methods for calling the token endpoint, with doesn't make any sense.
Reproducing the bug
Steps to reproduce the behavior:
Server logs
Server configuration
Expected behavior
It should make the authentication normally.
Environment
The text was updated successfully, but these errors were encountered: