Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix client_id/client_secret string requirements #171

Merged
merged 2 commits into from
Feb 15, 2018
Merged

Fix client_id/client_secret string requirements #171

merged 2 commits into from
Feb 15, 2018

Conversation

rwe
Copy link
Contributor

@rwe rwe commented Feb 10, 2018

The OAuth2 spec allows these to be zero or more visual ASCII characters.
https://tools.ietf.org/html/draft-ietf-oauth-v2-31#appendix-A.1

VSCHAR = %x20-7E

A.1. "client_id" Syntax
The "client_id" element is defined in Section 2.3.1:
client-id = *VSCHAR

A.2. "client_secret" Syntax
The "client_secret" element is defined in Section 2.3.1:
client-secret = *VSCHAR

This PR includes two changes. The first is to explicitly allow empty strings. (Joi requires this to be explicit). The second commit restricts the character set to the range given in the spec, which is all visual non-control ASCII characters.

Fixes #170

rwe added 2 commits February 9, 2018 19:09
@rwe
Allow empty client_id and client_secret
6f3c25b 
The OAuth2 spec allows these to be zero or more characters.
https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-2.3.1
@rwe
Restrict client_id and client_secret charsets
79873bd 
The OAuth2 spec allows these to be zero or more visual ASCII characters.
https://tools.ietf.org/html/draft-ietf-oauth-v2-31#appendix-A.1

> VSCHAR = %x20-7E
>
> A.1.  "client_id" Syntax
>    The "client_id" element is defined in Section 2.3.1:
>      client-id     = *VSCHAR
>
> A.2.  "client_secret" Syntax
>    The "client_secret" element is defined in Section 2.3.1:
>      client-secret = *VSCHAR
@rwe rwe force-pushed the client-secret-not-required branch from 55c7972 to 79873bd Compare February 10, 2018 00:46
@jonathansamines jonathansamines merged commit 6a90985 into lelylan:master Feb 15, 2018
@jonathansamines
Copy link
Collaborator

@erydo Thanks, will release a new version as soon as possible.

This was referenced Jan 27, 2020
Closed
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rwe @jonathansamines