third_codes/oauth2
1
0
Fork 0
mirror of https://github.com/golang/oauth2.git synced 2025-07-21 00:00:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Clarify that client credentials are not passed in the URL

Browse Source 
The term "query parameters" suggested that the credentials are passed in the URL which is insecure and is actually not true as the credentials are passed in the request body. See 36a7019397/internal/token.go (L196)

Change-Id: Id0a83f8d317fed30e18310b30860000109dafe88
GitHub-Last-Rev: 3961bc9affcbdb16a6e0b4db58ce0526da8e728b
GitHub-Pull-Request: golang/oauth2#358
Reviewed-on: https://go-review.googlesource.com/c/157877
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Peter Dotchev 2019-01-15 08:29:34 +00:00 committed by Brad Fitzpatrick
parent 36a7019397
commit 5dab4167f3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2.go
View File

@ -31,7 +31,7 @@ var NoContext = context.TODO()
// which doesn't support the HTTP Basic authentication
// scheme to authenticate with the authorization server.
// Once a server is registered, credentials (client_id and client_secret)
// will be passed as query parameters rather than being present
// will be passed as parameters in the request body rather than being present
// in the Authorization header.
// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
func RegisterBrokenAuthHeaderProvider(tokenURL string) {