fix(common): oauth2 basic header encoding (#4927)

Christoffer Hjalmarsson 2025-03-28 09:16:22 +01:00 committed by GitHub
parent 9e541a8a4b
commit 0c361faeab
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -177,7 +177,10 @@ const getPayloadForViaBasicAuthHeader = (
): RelayRequest => {
const { clientID, clientSecret, scopes, authEndpoint } = payload
const basicAuthToken = btoa(`${clientID}:${clientSecret}`)
// RFC 6749 Section 2.3.1 states that the client ID and secret should be URL encoded.
const encodedClientID = encodeBasicAuthComponent(clientID)
const encodedClientSecret = encodeBasicAuthComponent(clientSecret || "")
const basicAuthToken = btoa(`${encodedClientID}:${encodedClientSecret}`)
return {
id: Date.now(),
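Review bot: The Basic credential sent on the wire now changes for any client ID or secret containing reserved characters, and nothing in this hunk accounts for authorization servers that compare the base64-decoded value without form-decoding it first. RFC 6749 requires that decoding, but a server that skips it would presumably start rejecting a secret containing `+`, `%` or `:` that worked before, so this deserves a release note and a test using a secret with `:`, `+`, a space and a non-ASCII character. The comment could also name the encoding precisely: `// RFC 6749 §2.3.1: client ID and secret are application/x-www-form-urlencoded (Appendix B) before being joined with ':' and base64-encoded.` The function body continues past the end of the hunk.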
@ -218,3 +221,9 @@ const getPayloadForViaBody = (
}),
}
}
const encodeBasicAuthComponent = (component: string): string => {
// application/x-www-form-urlencoded expects spaces to be encoded as '+', but
// encodeURIComponent encodes them as '%20'.
return encodeURIComponent(component).replace(/%20/g, "+")
}
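Review bot: `encodeURIComponent` leaves `!`, `'`, `(`, `)` and `*` unescaped, so `encodeBasicAuthComponent` does not produce the strict application/x-www-form-urlencoded form its own comment refers to. A compliant decoder reads those characters back unchanged, so this matters only for servers that validate the encoded form. If exact encoding is wanted, chain `.replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase())` before the `%20` replacement. A short doc comment should state that the result is ASCII-only, which keeps the later `btoa` call from throwing on non-Latin-1 input, and that `encodeURIComponent` raises `URIError` on a lone surrogate.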