Summary
OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders does not work properly if client credentials contain special characters. From RFC 6749:
Clients in possession of a client password MAY use the HTTP Basic
authentication scheme as defined in [RFC2617] to authenticate with
the authorization server. The client identifier is encoded using the
"application/x-www-form-urlencoded" encoding algorithm per
Appendix B, and the encoded value is used as the username; the client
password is encoded using the same algorithm and used as the
password.
Actual Behavior
The client with client name or password containing special characters cannot login. The provider returns exception.
Expected Behavior
The client with client name or password containing special characters can be authenticated.
Configuration Sample
spring.security.oauth2.client.registration.sth.client-secret = sthUI=+2~fubar
Where
org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(ClientRegistration)
Related
This is related to spring-attic/spring-security-oauth#1826
Summary
OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders does not work properly if client credentials contain special characters. From RFC 6749:
Actual Behavior
The client with client name or password containing special characters cannot login. The provider returns exception.
Expected Behavior
The client with client name or password containing special characters can be authenticated.
Configuration Sample
spring.security.oauth2.client.registration.sth.client-secret = sthUI=+2~fubar
Where
org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationGrantRequestEntityUtils.getTokenRequestHeaders(ClientRegistration)
Related
This is related to spring-attic/spring-security-oauth#1826