Requests with "Basic" auth always return 401 #17

Open
Larsundso opened this issue Aug 10, 2024 · 1 comment

@Larsundso

Why is that important?

Discord's OAuth2 Token Revocation URL only accepts Basic auth as per RFC7709 standard.
Nirn should support this edge case for full API coverage.

Code to reproduce (djs)

  • Prerequisites: Running NIRN Proxy

```js
import { REST, makeURLSearchParams } from '@discordjs/rest';
import { Routes } from 'discord-api-types/v10';

// NIRN_URL, APP_ID, APP_SECRET and REFRESH_TOKEN are placeholders.
const rest = new REST({ api: NIRN_URL });

const revoke = (applicationId, applicationSecret, body) => {
  return rest.post(Routes.oauth2TokenRevocation(), {
    body: makeURLSearchParams(body),
    passThroughBody: true,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      // Client credentials sent as HTTP Basic auth
      Authorization: `Basic ${Buffer.from(`${applicationId}:${applicationSecret}`).toString('base64')}`,
    },
    auth: false, // do not attach the bot token to this request
  });
};

console.log(await revoke(APP_ID, APP_SECRET, {
  token: REFRESH_TOKEN,
  token_type_hint: 'refresh_token',
}));
```

Expected Result

```json
{}
```

Actual Result

```json
{
  "requestBody": {
    "json": {}
  },
  "rawError": {},
  "status": 401,
  "method": "POST",
  "url": "NIRN_URL/v10/oauth2/token/revoke"
}
```

@Larsundso changed the title from "Requests with "Basic" always return 401" to "Requests with "Basic" auth always return 401" on Aug 10, 2024

@Zoddo

Zoddo commented Aug 10, 2024

> Discord's OAuth2 Token Revocation URL only accepts Basic auth as per RFC7709 standard.

According to the docs:

> All calls to the OAuth2 endpoints require either HTTP Basic authentication or client_id and client_secret supplied in the form data body.

And I can confirm this works because I'm using the revoke endpoint (on logout) with the client id/secret in the body. So if you need a workaround, you can pass it in the body.

But yeah, I agree nirn-proxy should support (ignore?) basic auth headers.
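
The two client-authentication forms from the docs quote above, built side by side, as an added example that is not part of the original thread or of nirn-proxy. The helper names `buildRevocationRequest` and `redactForLog`, the base URL and all credential values are constructed assumptions; the code only builds the request and sends nothing.

```javascript
// Path as shown in the issue's error output.
const REVOKE_PATH = '/v10/oauth2/token/revoke';

// Constructed sample values, not real credentials.
const SAMPLE_BASE_URL = 'http://nirn.example:8080/';
const SAMPLE_CREDS = { clientId: '123456789012345678', clientSecret: 'constructed-secret' };

// mode 'basic': credentials in the Authorization header (the failing case in the issue).
// mode 'body' : credentials in the form body (the workaround from the comment).
function buildRevocationRequest(baseUrl, { clientId, clientSecret }, token, tokenTypeHint, mode) {
  const form = new URLSearchParams({ token });
  if (tokenTypeHint) form.set('token_type_hint', tokenTypeHint);
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };

  if (mode === 'basic') {
    const pair = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
    headers.Authorization = `Basic ${pair}`;
  } else if (mode === 'body') {
    // No Authorization header is sent, so a proxy has no header to replace or reject.
    form.set('client_id', clientId);
    form.set('client_secret', clientSecret);
  } else {
    throw new TypeError(`unknown mode: ${mode}`);
  }

  return {
    url: `${baseUrl.replace(/\/+$/, '')}${REVOKE_PATH}`,
    init: { method: 'POST', headers, body: form.toString() }, // shape accepted by fetch(url, init)
  };
}

// In 'body' mode the secret sits in the request body, so any request-body
// logging on the client or the proxy would capture it. Mask before logging.
function redactForLog({ url, init }) {
  const form = new URLSearchParams(init.body);
  for (const key of ['client_secret', 'token']) {
    if (form.has(key)) form.set(key, '[redacted]');
  }
  const headers = { ...init.headers };
  if (headers.Authorization) headers.Authorization = 'Basic [redacted]';
  return { url, method: init.method, headers, body: form.toString() };
}
```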
