Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get token with credentials in Authorization header #178

Closed
woutor opened this issue Sep 23, 2017 · 0 comments
Closed

Get token with credentials in Authorization header #178

woutor opened this issue Sep 23, 2017 · 0 comments

Comments

@woutor
Copy link
Contributor

woutor commented Sep 23, 2017

Hi,

I am integrating mozilla-django-oidc with Hydra. I have set up an authorization/consent server and I am able to initiate the OAuth flow using the mozilla_django_oidc.auth.OIDCAuthenticationBackend at my application.

However, at the point that OIDCAuthenticationBackend wants to obtain the token, I get a 400 Client Error in Django, with Hydra logging HTTP authorization header missing or invalid: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed

The problem is documented here. According to the Hydra developers, the client_id and client_secret should be provided in the Authorization header instead of POST parameters.

Right now, I don't see any other way than reimplementing/copying the OIDCAuthenticationBackend.authenticate() method in my custom backend. However, It would be very nice if I could only extend/hook/plug/configure how the client_id and client_secrets are passed to the remote token endpoint.

Thanking you in advance,
Wouter
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johngian @woutor