~sircmpwn/meta.sr.ht#168: OAuth 2.0 authorization grant_type checks for "code" instead of "authorization_code"

After getting an authorization code and requesting a token

POST https://meta.sr.ht/oauth2/access-token
Authorization: Basic b64(client_id:client_secret)

grant_type=authorization_code@code=...

I got back this answer:

{"error": "unsupported_grant_type",
"error_description": "Unsupported grant type 'authorization_code'",
"error_uri": "https://man.sr.ht/meta.sr.ht/oauth.md"}

RFC6749 section 4.1.3 states:

grant_type REQUIRED. Value MUST be set to "authorization_code".

The relevant code in metasrht/blueprints/oauth2.py does this:

if grant_type != "code":
    return access_token_error("unsupported_grant_type",
            f"Unsupported grant type '{grant_type}'")

Status: RESOLVED FIXED
Submitter: ~zash
Assigned to: No-one
Submitted: 2 years ago
Updated: 2 years ago
Labels: No labels applied.

~sircmpwn/meta.sr.ht#168: OAuth 2.0 authorization grant_type checks for "code" instead of "authorization_code"

~sircmpwn REPORTED FIXED 2 years ago

~sircmpwn/meta.sr.ht#168:

OAuth 2.0 authorization grant_type checks for "code" instead of "authorization_code"