forked from mystiq/dex
Merge pull request #357 from ericchiang/query_escape
server: url decode basic auth credentials
This commit is contained in:
commit
38be227aa2
1 changed files with 15 additions and 1 deletions
|
@ -434,7 +434,21 @@ func handleTokenFunc(srv OIDCServer) http.HandlerFunc {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
creds := oidc.ClientCredentials{ID: user, Secret: password}
|
decodedUser, err := url.QueryUnescape(user)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("error decoding user: %v", err)
|
||||||
|
writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
decodedPassword, err := url.QueryUnescape(password)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("error decoding password: %v", err)
|
||||||
|
writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
creds := oidc.ClientCredentials{ID: decodedUser, Secret: decodedPassword}
|
||||||
|
|
||||||
var jwt *jose.JWT
|
var jwt *jose.JWT
|
||||||
var refreshToken string
|
var refreshToken string
|
||||||
|
|
Loading…
Reference in a new issue