Accept plain OAuth2 Bearer Tokens, not base64-encoded #87

llorllale · 2020-12-08T22:18:07Z

I still believe that RFC6750 mandates the base64-encoding of the access_token in the Authorization header but after further research into it I've realized that many if not all vendors process the token in plain form (more precisely, in the same format, byte-for-byte, as was delivered in the access token response (RFC6749 section 4.1.4)).

Client components impacted by this change are:

https://github.com/trustbloc/hub-auth/blob/413a3517d5d5a373780c7f55d7f866456db5a31a/pkg/restapi/operation/operations.go#L806-L833

The text was updated successfully, but these errors were encountered:

llorllale added the type: chore label Dec 8, 2020

llorllale added this to the 0.1.6 milestone Dec 8, 2020

llorllale self-assigned this Dec 8, 2020

llorllale added type: refactor and removed type: chore labels Dec 8, 2020

rolsonquadras modified the milestones: 0.1.6, 0.1.8 Sep 22, 2021

rolsonquadras unassigned llorllale Dec 10, 2021

rolsonquadras removed this from the 0.1.8 milestone Apr 29, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Accept plain OAuth2 Bearer Tokens, not base64-encoded #87

Accept plain OAuth2 Bearer Tokens, not base64-encoded #87

llorllale commented Dec 8, 2020

Accept plain OAuth2 Bearer Tokens, not base64-encoded #87

Accept plain OAuth2 Bearer Tokens, not base64-encoded #87

Comments

llorllale commented Dec 8, 2020