mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-24 10:46:10 +01:00
14bc4d79c1
Backport #21351 This fixes error "unauthorized_client: invalid client secret" when client includes secret in Authorization header rather than request body. OAuth spec permits both: https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1 Clients in possession of a client password MAY use the HTTP Basic authentication scheme ... Alternatively, the authorization server MAY support including the client credentials in the request-body Sanity validation that client id and client secret in request are consistent with Authorization header. Improve error descriptions. Error codes remain the same. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> |
||
---|---|---|
.. | ||
admin | ||
auth | ||
dev | ||
events | ||
explore | ||
feed | ||
healthcheck | ||
misc | ||
org | ||
repo | ||
user | ||
auth.go | ||
auth_windows.go | ||
base.go | ||
goget.go | ||
home.go | ||
metrics.go | ||
nodeinfo.go | ||
swagger_json.go | ||
web.go | ||
webfinger.go |