client_secret_basic encoding changed for token endpint? #524
-
|
I'm trying to update from an old version of mod_auth_openidc to a recent version. However, I find that I have problems with some existing client configurations, where the client secret in my .client configuration file seems to be encoded differently with a recent version than it was sent using an older version of the module. (The old one didn't have dependencies to libcjose.so nor libhiredis.so yet.) Was there (ever) any change in how the config files are read and or the client secret is being converted to base64 for "token_endpoint_auth" : "client_secret_basic"? Note that the client secrets in qeustion only contains pretty trivial characters, such as letters and a smiley, think "greatSecret:-)" Thanks for any hints |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
there was an update at some point to correctly urlencode the secret before sending it, because the spec requires clients to do so; some OPs out there indeed do not correctly process it (yet) but if they're OpenID Certified (as well) that should work |
Beta Was this translation helpful? Give feedback.
-
|
Thanks. I think I found that in the release notes for 2.4.0: |
Beta Was this translation helpful? Give feedback.
there was an update at some point to correctly urlencode the secret before sending it, because the spec requires clients to do so; some OPs out there indeed do not correctly process it (yet) but if they're OpenID Certified (as well) that should work