Commit 38be227a authored by Eric Chiang's avatar Eric Chiang

Merge pull request #357 from ericchiang/query_escape

server: url decode basic auth credentials
parents 016445b1 c3aa6a1e
......@@ -434,7 +434,21 @@ func handleTokenFunc(srv OIDCServer) http.HandlerFunc {
return
}
creds := oidc.ClientCredentials{ID: user, Secret: password}
decodedUser, err := url.QueryUnescape(user)
if err != nil {
log.Errorf("error decoding user: %v", err)
writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)
return
}
decodedPassword, err := url.QueryUnescape(password)
if err != nil {
log.Errorf("error decoding password: %v", err)
writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)
return
}
creds := oidc.ClientCredentials{ID: decodedUser, Secret: decodedPassword}
var jwt *jose.JWT
var refreshToken string
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment