forgejo-federation/routers
M Hickford 34f509eb7a
Parse OAuth Authorization header when request omits client secret (#21351)
This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both.

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-07 10:53:49 +08:00
..
api Add stat to ToCommit function for speed (#21337) 2022-10-06 11:21:04 +08:00
common Rework raw file http header logic (#20484) 2022-07-29 17:26:55 +02:00
install Share HTML template renderers and create a watcher framework (#20218) 2022-08-28 10:43:25 +01:00
private Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663) 2022-10-02 01:26:33 +08:00
utils refactor webhook *NewPost (#20729) 2022-08-11 17:48:23 +02:00
web Parse OAuth Authorization header when request omits client secret (#21351) 2022-10-07 10:53:49 +08:00
init.go Share HTML template renderers and create a watcher framework (#20218) 2022-08-28 10:43:25 +01:00