request #14798: OIDC client plugin uses BasicAuth when accessing the token endpoint

The credentials are no longer sent in the body of the request but via the Basic HTTP authentication scheme. This is the way recommended by the OAuth2 framework [0] and the only one that OAuth2 authorization servers must implement. No functional change is expected as all OAuth2 authorization servers are expected to support this.

[0] https://tools.ietf.org/html/rfc6749#section-2.3.1

Change-Id: I895f3046f386d5a68927eaff7f1e27750bdc1da4

Modified Files

Name
M plugins/openidconnectclient/include/OpenIDConnectClient/Authentication/Token/TokenRequestCreator.php +22 −12
M plugins/openidconnectclient/include/openidconnectclientPlugin.php +2 −1
A src/common/Http/Client/Authentication/BasicAuth.php +43 −0
A tests/phpunit/common/Http/Client/BasicAuthTest.php +46 −0
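
The change described in the commit message, as an added example that is not taken from this commit or from Tuleap: client credentials are form-urlencoded and placed in an HTTP Basic Authorization header as RFC 6749 section 2.3.1 specifies, the request body carries only the grant, and a parser shows the server-side round trip. The function names, client identifier, secret, authorization code and redirect URI are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Tuleap code. All names and credentials below are constructed.

/** RFC 6749 section 2.3.1: form-urlencode each part, join with ":", then base64. */
function basicAuthorizationHeader(string $client_id, string $client_secret): string
{
    // urlencode() implements application/x-www-form-urlencoded (space becomes "+").
    return 'Basic ' . base64_encode(urlencode($client_id) . ':' . urlencode($client_secret));
}

/** What an authorization server does to recover the credentials from the header. */
function parseBasicAuthorizationHeader(string $header): ?array
{
    if (stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only; the encoded parts cannot contain a raw ":".
    [$id, $secret] = explode(':', $decoded, 2);
    return [urldecode($id), urldecode($secret)];
}

/** Token request as [headers, body]; the body carries the grant but no credentials. */
function tokenRequest(string $client_id, string $client_secret, string $code, string $redirect_uri): array
{
    $headers = [
        'Authorization' => basicAuthorizationHeader($client_id, $client_secret),
        'Content-Type'  => 'application/x-www-form-urlencoded',
    ];
    $body = http_build_query([
        'grant_type'   => 'authorization_code',
        'code'         => $code,
        'redirect_uri' => $redirect_uri,
    ]);
    return [$headers, $body];
}

// Constructed sample values; the secret contains ":", "+", a space and "%".
[$headers, $body] = tokenRequest('tuleap:client', 's3c:r+t 100%', 'sample-code', 'https://tuleap.example.com/callback');
echo $headers['Authorization'], "\n", $body, "\n";
var_dump(parseBasicAuthorizationHeader($headers['Authorization']) === ['tuleap:client', 's3c:r+t 100%']);
var_dump(strpos($body, 'client_secret') === false);
```

Skipping the form-urlencoding step would make a client identifier containing ":" ambiguous when the server splits the decoded header, which is why the sample values include one.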