Use basic auth for Authelia token exchange
This commit is contained in:
parent
1d68639225
commit
56d279a8e6
2 changed files with 23 additions and 1 deletions
|
|
@ -143,13 +143,13 @@ func (a *AutheliaAdapter) exchangeCode(_ context.Context, code string) (*tokenRe
|
|||
body.Set("code", code)
|
||||
body.Set("redirect_uri", a.cfg.RedirectURI)
|
||||
body.Set("client_id", a.cfg.ClientID)
|
||||
body.Set("client_secret", a.cfg.ClientSecret)
|
||||
|
||||
req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(body.Encode()))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("authelia: build token request: %w", err)
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.SetBasicAuth(a.cfg.ClientID, a.cfg.ClientSecret)
|
||||
|
||||
resp, err := a.client.Do(req)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
|
|
@ -179,6 +180,27 @@ func TestHandleCallback_Success_PreferredUsername(t *testing.T) {
|
|||
if req.Method != http.MethodPost {
|
||||
t.Errorf("expected POST, got %s", req.Method)
|
||||
}
|
||||
gotID, gotSecret, ok := req.BasicAuth()
|
||||
if !ok {
|
||||
t.Error("expected client_secret_basic authentication")
|
||||
}
|
||||
if gotID != "keycape" || gotSecret != "test-secret" {
|
||||
t.Errorf("unexpected basic auth credentials for client %q", gotID)
|
||||
}
|
||||
rawBody, err := io.ReadAll(req.Body)
|
||||
if err != nil {
|
||||
t.Fatalf("read request body: %v", err)
|
||||
}
|
||||
form, err := url.ParseQuery(string(rawBody))
|
||||
if err != nil {
|
||||
t.Fatalf("parse request body: %v", err)
|
||||
}
|
||||
if form.Get("client_secret") != "" {
|
||||
t.Error("client_secret must not be sent in the form body")
|
||||
}
|
||||
if form.Get("client_id") != "keycape" {
|
||||
t.Errorf("client_id: want keycape, got %q", form.Get("client_id"))
|
||||
}
|
||||
return jsonResponse(tokenBody), nil
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue