This repository has been archived by the owner on Jun 4, 2019. It is now read-only.

support HTTP Basic Authentication for client authentication #23

Open
mikanmarusan opened this issue Aug 11, 2013 · 3 comments

@mikanmarusan

Hi, crhym3

It seems that simpleauth supports using client_id / client_secret in the request-body for client authentication.

However, the OAuth 2.0 protocol says:

http://tools.ietf.org/html/rfc6749#section-2.3.1

Including the client credentials in the request-body using the two
parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
to directly utilize the HTTP Basic authentication scheme (or other
password-based HTTP authentication schemes)

Please support the HTTP Basic authentication scheme for client authentication, especially at the token endpoint.
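The client authentication scheme from RFC 6749 section 2.3.1 requested above, shown for an authorization-code token request next to the request-body form. This is an added example, not simpleauth's code and not posted by a participant in this thread; the function names and all sample values are constructed for illustration.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode


def basic_client_auth(client_id, client_secret):
    """Build the Authorization header value described in RFC 6749 section 2.3.1."""
    # Each credential is form-urlencoded first, so a ':' inside either value
    # cannot be mistaken for the user:password separator after decoding.
    userpass = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
    return "Basic " + base64.b64encode(userpass.encode("utf-8")).decode("ascii")


def token_request(code, redirect_uri, client_id, client_secret, use_basic=True):
    """Return (headers, body) for a token request; nothing is sent over the network."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    if use_basic:
        # Preferred form: credentials travel in the header, not in the body.
        headers["Authorization"] = basic_client_auth(client_id, client_secret)
    else:
        # Request-body form: the one the RFC marks NOT RECOMMENDED.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)


def parse_basic_client_auth(header_value):
    """Server-side counterpart: recover (client_id, client_secret) from the header."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    userpass = base64.b64decode(blob, validate=True).decode("utf-8")
    enc_id, sep, enc_secret = userpass.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(enc_id), unquote_plus(enc_secret)


# Constructed sample credentials; the ':' and '+' exercise the encoding step.
SAMPLE_ID = "my app:1"
SAMPLE_SECRET = "s3cr:et/+="
```

With `use_basic=True` the secret stays out of the form body, which matters wherever request bodies are logged or echoed in error reports.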

@x1ddos
Owner

x1ddos commented Aug 22, 2013

Hey @mikanmarusan could you clarify which part of the code you are referring to? I suspect you're talking about _get_*_user_info methods but wanted to make sure.

@mikanmarusan
Author

Hi, @crhym3
Sorry for the late reply.

I am referring to the _oauth2_callback function in the SimpleAuthHandler class,
https://github.com/crhym3/simpleauth/blob/84620d3db5670a20108d14d5021a42b69020c1e8/simpleauth/handler.py#L216-234

@x1ddos
Owner

x1ddos commented Sep 3, 2014

@mikanmarusan care to provide a PR?
