Make enable_client_secret work #3
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix other tests which the above fix broke Add test to prove that invalid client_id isn't granted a token
…client_secret is true.
no client_secret is specified in the request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
enable_client_secret and validate_client_secret doesn't appear to have worked in the past. validate_client_secret was never called because enable_client_secret was never loaded/respected out of the package config for the provider (verify_client_secret ... if $self->enable_client_secret in CatalystX::OAuth2::Request::RequestAuth). Fixed this by loading the config for the request/grant action roles - I think (but am not sure) that this was the intention, based on the config structure?
This patch requires my previous patch in order to work (#2). I'm not sure if I've done this correctly as the previous patch is included in the review - I created a new branch off my previous fix's branch, so it makes sense - but not sure if that's the correct flow.