Client secret is dropped from the authorize API call #252

dasuni-30 · 2024-07-23T09:32:40Z

Describe the issue:
Even if we pass the client secret along with the client id to the authorize API call, the client secret is dropped from the authorize API call in the auth-js-core level.

curl --location 'https://api.asgardeo.io/t/websdk/oauth2/authorize' \
--data-urlencode 'response_type=code' \
--data-urlencode 'client_id=XXX' \
--data-urlencode 'client_secret=XXX' \
--data-urlencode 'scope=openid internal_login profile' \
--data-urlencode 'redirect_uri=http://localhost:3000' \
--data-urlencode 'response_mode=direct' \
--data-urlencode 'code_challenge_method=S256' \
--data-urlencode 'code_challenge=XXX' \
--data-urlencode 'state=request_6'

How to reproduce:
Try the authorize API call with client id and client secret.

Expected behavior:
We should be able to send the client secret since we are using the auth-js-core in both frontend(ex: react) and backend(ex: nodejs) frameworks

The text was updated successfully, but these errors were encountered:

dasuni-30 added the bug Something isn't working label Jul 23, 2024

pavinduLakshan added the test-automation-required The issue/s fixed with this effort need to be covered with automated test label Jul 23, 2024

dasuni-30 self-assigned this Jul 24, 2024

dasuni-30 mentioned this issue Jul 24, 2024

Fix client secret dropping issue from the js-core level #253

Merged

dasuni-30 closed this as completed Aug 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Client secret is dropped from the authorize API call #252

Client secret is dropped from the authorize API call #252

dasuni-30 commented Jul 23, 2024 •

edited by brionmario

Loading

Client secret is dropped from the authorize API call #252

Client secret is dropped from the authorize API call #252

Comments

dasuni-30 commented Jul 23, 2024 • edited by brionmario Loading

dasuni-30 commented Jul 23, 2024 •

edited by brionmario

Loading