You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've never seen basic auth username and password being url encoded before. The servers (e.g. cloud foundry UAA) seem to reject such requests. It also doesn't make sense to url-encode it if it's then base64-encoded
Error Stacks
--
To Reproduce
A minimal example to reproduce the behavior:
happens always in version 1.3.0 if basic authentication is used to get a token.
Expected behavior
Basic authentication username and password shouldn't be URL encoded before being base64 encoded.
Environment:
OS: Linux / Mac OSX
Python Version: 3.11
Authlib Version: 1.3.0
Additional context
--
The text was updated successfully, but these errors were encountered:
Describe the bug
Version
1.3.0
introduces a change in the encoding of the Basic Authentication header (commit d2d1f49). In the comment to the commit you're mentioning this RFC section: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1, but I think that rather this one is applicable:https://datatracker.ietf.org/doc/html/rfc2617#section-2
I've never seen basic auth username and password being url encoded before. The servers (e.g. cloud foundry UAA) seem to reject such requests. It also doesn't make sense to url-encode it if it's then base64-encoded
Error Stacks
To Reproduce
A minimal example to reproduce the behavior:
happens always in version 1.3.0 if basic authentication is used to get a token.
Expected behavior
Basic authentication username and password shouldn't be URL encoded before being base64 encoded.
Environment:
Additional context
--
The text was updated successfully, but these errors were encountered: