-
-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP PATCH request made to resource server does not have a body #222
Comments
I agree it should be handled, but i'd like to point out that as-is it's not declared as supported, both docs and types declare only GET and POST are supported. I'm fine with adding more supported http methods but that said we're also only supporting |
Ah thanks for the response. I hadn't noticed that only GET and POST were defined in the types https://github.com/panva/node-openid-client/blob/0ab81fa0fae20533996953dd1a278fe6ebcc93ef/types/index.d.ts#L416 I think it would be valuable to support the full range of HTTP verbs, since some REST APIs make use of all of them. Regarding the content encoding, I seem to be able to send a JSON payload, and set the Content-type header no problem. I am sending the authorization in the header not the body though, so I guess it won't work if I had to send the access_token as part of the body. |
This deprecates the `params` option (that was never documented anyway!) and introduces separate `query` and `body` options, by default all bodies use `x-www-form-urlencoded` encoding unless the `json` option is set to `true`. closes #222
Please see d713512 and come back with feedback. Thank you. |
This deprecates the `params` option (that was never documented anyway!) and introduces separate `query` and `body` options, by default all bodies use `x-www-form-urlencoded` encoding unless the `json` option is set to `true`. closes #222
Hello, @panva |
Yeah, you should be able to pass
This is don't follow at all. ^9.6.0 is the only Bottom line, tho, i don't want to deal with any of this body / response encoding, so i'll be removing the |
This seems reasonable, the only value added when the openid-client library manipulates the body is adding the access token in the correct parameter. I don't think it's worth it for the added complexity. |
We were hoping that it wasn't a very breaking upgrade, but it was. |
This deprecates the `client.resource()` method. closes #222
I took a stab at this in b4ec0d8, i have to deprecate the resource method because it was just too messy to fix it. One can now pass headers as an object via options, query as part of the first argument which can now be a |
This deprecates the `client.resource()` method. closes #222
This deprecates the `client.resource()` method. closes #222
Thanks @panva , I hope to take a look at this later in the week. |
Describe the bug
When making an HTTP PATCH request using the
resource()
method of theClient
object, the request params are transmitted as query parameters instead of being included in the request body. MSDN guidelines indicate that POST, PATCH and PUT should all have a request body. This is causing my request to fail, since the resource server in question is expecting a request body.One can see that in the
resource()
method, only a POST request will have a body, and for the other verbs the params are transmitted as query parameters, which I believe is incorrect.https://github.com/panva/node-openid-client/blob/0ab81fa0fae20533996953dd1a278fe6ebcc93ef/lib/client.js#L1020
To Reproduce
I'll try to publish a minimal reproduction of the issue shortly
Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
Steps to reproduce the behaviour:
Expected behaviour
HTTP PATCH and PUT requests made to a resource server using the
resource()
method should have a request body.Environment:
Additional context
The text was updated successfully, but these errors were encountered: