feat: OAuth 2.0 Client Credentials Basic Auth #2164
Conversation
pietrygamat
changed the title
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
2 times, most recently
from
8a24c7f to
684a4bb
Compare
| import { useDispatch } from 'react-redux'; | ||
| import { humanizeOAuth2ClientSecretMethod } from 'utils/collections'; | ||
|
|
||
| const ClientCredentialsMethodSelector = ({ item, collection, oAuth }) => { |
There was a problem hiding this comment.
The same component is used in RequestPane and in CollectionSettings/Auth. While the convention in the project seems to be using duplicate, almost identical components, I feel this approach is easier to manage. Perhaps it should be moved into a different location then?
There was a problem hiding this comment.
seconded - perhaps we should have a shared components directory
| request.data = { | ||
| grant_type: 'password', | ||
| username, | ||
| password, | ||
| client_id: clientId, | ||
| client_secret: clientSecret, | ||
| scope | ||
| }; |
There was a problem hiding this comment.
I am pretty sure the interpolate-vars has no business updating request.data like this. The oauth2-helper knows best what is and what is not to be included in request data, right?
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
c4c8e2b to
54527fe
Compare
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
2 times, most recently
from
65cc7cc to
050b588
Compare
|
Much Needed! |
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
050b588 to
6e47aff
Compare
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
4 times, most recently
from
636f545 to
99a82de
Compare
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
99a82de to
ab91302
Compare
|
Rebased and slightly simplified. It should be more clear what is happening in oauth2 helper. |
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
ab91302 to
61e36b4
Compare
|
Looks good, when can we expect this to be merged (and available in the main package)? |
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
61e36b4 to
a137f95
Compare
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
a137f95 to
47c4eeb
Compare
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
47c4eeb to
316f8fd
Compare
|
This is a significant PR, and we need some time to thoroughly review it. Enhancing the OAuth 2.0 interface is a top priority for us in September 2024. We’ll provide more updates in the coming days. |
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
316f8fd to
06dae8f
Compare
| export const humanizeOAuth2ClientSecretMethod = (mode) => { | ||
| let label = 'N/A'; | ||
| switch (mode) { | ||
| case 'client_credentials_basic': { | ||
| label = 'As Basic Auth Header'; | ||
| break; | ||
| } | ||
| case 'client_credentials_post': { | ||
| label = 'In Request Body'; | ||
| break; | ||
| } | ||
| } | ||
|
|
||
| return label; | ||
| }; |
There was a problem hiding this comment.
TODO: move to i18n/translation, but this should best be done in separate PR
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
06dae8f to
23cfb49
Compare
May I ask if there are any news on this? :-) |
Adds additional configuration field for oauth2 in bru schema, allowing users to decide whether to include client credentials in request's Authorization header or in its body as application/x-www-form-urlencoded parameters
Update OAuth2 request logic to make use of client_secret_method option
Add GUI controls for selecting client_secret_method
pietrygamat
force-pushed
the
feature/oauth2-basic-auth
branch
from
23cfb49 to
f434d63
Compare
Description
With this change the OAuth2 authorization on request and collection level is now including additional configuration option for handling client credentials when accessing token endpoint. This applies to all currently supported grant_types.
The new default option is to send the credentials as
Authorization: Basicheader:The old behavior to include them in the request body is still available.
resolves #2106
#1003
Contribution Checklist:
Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.
Publishing to New Package Managers
Please see here for more information.