~sircmpwn/meta.sr.ht#168: 
OAuth 2.0 authorization grant_type checks for "code" instead of "authorization_code"

After getting an authorization code and requesting a token

POST https://meta.sr.ht/oauth2/access-token
Authorization: Basic b64(client_id:client_secret)

grant_type=authorization_code@code=...

I got back this answer:

{"error": "unsupported_grant_type",
"error_description": "Unsupported grant type 'authorization_code'",
"error_uri": "https://man.sr.ht/meta.sr.ht/oauth.md"}

RFC6749 section 4.1.3 states:

grant_type REQUIRED. Value MUST be set to "authorization_code".

The relevant code in metasrht/blueprints/oauth2.py does this:

if grant_type != "code":
    return access_token_error("unsupported_grant_type",
            f"Unsupported grant type '{grant_type}'")
Status
RESOLVED FIXED
Submitter
~zash
Assigned to
No-one
Submitted
10 months ago
Updated
10 months ago
Labels
No labels applied.

~sircmpwn REPORTED FIXED 10 months ago

!

Register here or Log in to comment, or comment via email.