diff --git a/ChangeLog b/ChangeLog
index 88dcef3d..ee9c7914 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 09/09/2024
 - fix accepting custom cookie names in OIDCOAuthAcceptTokenAs cookie:; see #1261; thanks @bbartke
 - bump to 2.4.16.4rc0
+- improve basic authentication parsing when using OIDCOAuthAcceptTokenAs basic
 
 09/06/2024
 - allow overriding globally set OIDCCacheType back to shm in vhosts
diff --git a/src/oauth.c b/src/oauth.c
index b25d2e41..cea93932 100644
--- a/src/oauth.c
+++ b/src/oauth.c
@@ -210,10 +210,10 @@ apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token
 		oidc_debug(r, "authorization header found");
 
 		apr_byte_t known_scheme = 0;
+		char *scheme = ap_getword(r->pool, &auth_line, OIDC_CHAR_SPACE);
 
 		/* look for the Bearer keyword */
-		if ((_oidc_strnatcasecmp(ap_getword(r->pool, &auth_line, OIDC_CHAR_SPACE), OIDC_PROTO_BEARER) ==
-		     0) &&
+		if ((_oidc_strnatcasecmp(scheme, OIDC_PROTO_BEARER) == 0) &&
 		    (accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_HEADER)) {
 
 			/* skip any spaces after the Bearer keyword */
@@ -226,7 +226,8 @@ apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token
 
 			known_scheme = 1;
 
-		} else if (accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC) {
+		} else if ((_oidc_strnatcasecmp(scheme, OIDC_PROTO_BASIC) == 0) &&
+			   (accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC)) {
 
 			char *decoded_line;
 			int decoded_len;
@@ -244,7 +245,7 @@ apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token
 			}
 
 			if (known_scheme == 0) {
-				oidc_warn(r, "client used unsupported authentication scheme: %s", r->uri);
+				oidc_warn(r, "client used unsupported authentication scheme: %s", scheme);
 			}
 		}
 	}
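Review bot: The new `else if` on the Basic branch has no comment parallel to the `/* look for the Bearer keyword */` line above it, although it is the line that carries the actual fix: before this change any Authorization header that was not Bearer was base64-decoded as Basic credentials whenever OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC was configured, and now only a header whose scheme token matches OIDC_PROTO_BASIC reaches the decode path. I would add `/* look for the Basic keyword (RFC 7617); only then base64-decode what follows */` above the `} else if` so the next reader sees why the scheme check comes before the accept_token_in check. The decode itself (`decoded_line`, `decoded_len`) continues below the hunk and the enclosing function starts above it, so I cannot confirm from here how a scheme that matches but carries no credentials is handled.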
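Review bot: The corrected oidc_warn now writes `scheme`, a client-supplied header token, straight into the error log; it is passed as a `%s` argument under a fixed format string, so there is no format-string issue, but nothing here bounds or escapes it. httpd's own request logging runs such values through `ap_escape_logitem(r->pool, scheme)` to neutralise non-printable bytes, and the same call would fit in this line. Note also that the message reads "unsupported" when the scheme is Bearer but OIDC_OAUTH_ACCEPT_TOKEN_IN_HEADER is not set in accept_token_in, which is a configuration mismatch rather than an unknown scheme; the earlier hunk shows that path falling through with known_scheme still 0, so a wording such as "client used unsupported or not accepted authentication scheme: %s" would describe both cases. The closing braces at the end of the hunk appear to leave the function body continuing outside SOURCE.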