Client credentials are included in the request body [NOT RECOMMENDED] #85

samskiter · 2015-01-14T13:54:37Z

i've brought this up before:

Including the client credentials in the request body using the two
parameters is NOT RECOMMENDED, and SHOULD be limited to clients
unable to directly utilize the HTTP Basic authentication scheme (or
other password-based HTTP authentication schemes). The parameters
can only be transmitted in the request body and MUST NOT be included
in the request URI.

AFNetworking already supports basic auth headers so this shouldn't be hard to change.

…conditionally encode client credentials in Base64-encoded HTTP Authorization header field, rather than in body of request.

mattt · 2015-03-02T15:19:49Z

Fixed by 412d256.

This was referenced Jan 21, 2015

Client secret should not be mandatory #86

Closed

[Issue 85] by default, use http basic auth to include client credentials in requests #87

Closed

mattt added a commit that referenced this issue Mar 2, 2015

[Issue #85][Issue #87] Adding useHTTPBasicAuthentication property to …

412d256

…conditionally encode client credentials in Base64-encoded HTTP Authorization header field, rather than in body of request.

mattt closed this as completed Mar 2, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Client credentials are included in the request body [NOT RECOMMENDED] #85

Client credentials are included in the request body [NOT RECOMMENDED] #85

samskiter commented Jan 14, 2015

mattt commented Mar 2, 2015

Client credentials are included in the request body [NOT RECOMMENDED] #85

Client credentials are included in the request body [NOT RECOMMENDED] #85

Comments

samskiter commented Jan 14, 2015

mattt commented Mar 2, 2015