[openstreetmap/openstreetmap-website] oauth_filter intercepts OAuth2.0 endpoints meant for Doorkeeper (#3245)
mmd
notifications at github.com
Fri Jul 2 15:54:52 UTC 2021
That's interesting. When I [tested](https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706737557) this endpoint last year in October, it happily accepted the following request:
`curl -F client_id=zQyq4UbbrCMjShugI1BbYmJ_JQZKnDLj3iZjMVSEB8o -F client_secret=rTDU2cPJ284WL41yYIiPXqzvre2MXjovU3B4WX-zbN4 -F token=ASIKSMtZ67n2d7FaM5pYRQOLkNqZOfaYDQn-aB1OCCE -X POST http://localhost:3000/oauth2/introspect`
Now with the current code in place, I need to use:
```
curl --location --request POST 'http://localhost:3000/oauth2/introspect' \
--header 'Authorization: Bearer xNxih4jQ2s9rAJ_IeHr3XhupQFkv4B3EwchxVEXhVvg' \
--data-urlencode 'token=xNxih4jQ2s9rAJ_IeHr3XhupQFkv4B3EwchxVEXhVvg'
```
(curl automatically figured out it needs to set Content-Type: application/x-www-form-urlencoded)
And, yes, I'm getting the same HTTP 401 error.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3245#issuecomment-873097852
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210702/c02ac964/attachment.htm>
More information about the rails-dev
mailing list