haskell/yesod-auth-oauth2
1
0
Fork 0
mirror of https://github.com/freckle/yesod-auth-oauth2.git synced 2026-03-01 02:44:35 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace call to fetchAccessToken with fetchAccessToken2

Browse Source 
This comment comes from hoauth2:

-- OAuth2 spec allows `client_id` and `client_secret` to
-- either be sent in the header (as basic authentication)
-- OR as form/url params.
-- The OAuth server can choose to implement only one, or both.
-- Unfortunately, there is no way for the OAuth client (i.e. this library) to
-- know which method to use. Please take a look at the documentation of the
-- service that you are integrating with and either use `fetchAccessToken` or `fetchAccessToken2`

`fetchAccessToken2` is a drop-in replacement for `fetchAccessToken` that just adds `client_id` and `client_secret` to the body as form parameters, as permitted by [RFC 6749](https://tools.ietf.org/html/rfc6749#section-2.3.1). Some authorization server implementations only accept client credentials in this form.
This commit is contained in:
nbloomf 2020-07-08 00:05:14 -05:00
parent ef7c422802
commit f4e57ab7c5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Yesod/Auth/OAuth2/Dispatch.hs
View File

@ -67,7 +67,7 @@ dispatchCallback name oauth2 getCreds = do
code <- requireGetParam "code" code <- requireGetParam "code"
manager <- authHttpManager manager <- authHttpManager
oauth2' <- withCallbackAndState name oauth2 csrf oauth2' <- withCallbackAndState name oauth2 csrf
token <- errLeft $ fetchAccessToken manager oauth2' $ ExchangeToken code token <- errLeft $ fetchAccessToken2 manager oauth2' $ ExchangeToken code
creds <- errLeft $ tryFetchCreds $ getCreds manager token creds <- errLeft $ tryFetchCreds $ getCreds manager token
setCredsRedirect creds setCredsRedirect creds
where where