34f509eb7a
This fixes error "unauthorized_client: invalid client secret" when client includes secret in Authorization header rather than request body. OAuth spec permits both. Sanity validation that client id and client secret in request are consistent with Authorization header. Improve error descriptions. Error codes remain the same. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> |
||
|---|---|---|
| .. | ||
| 2fa.go | ||
| auth.go | ||
| linkaccount.go | ||
| main_test.go | ||
| oauth.go | ||
| oauth_test.go | ||
| openid.go | ||
| password.go | ||
| webauthn.go | ||