Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Quoting (URL-encoding) Base authentication username / password is incorrect #629

Open
igielski opened this issue Feb 21, 2024 · 0 comments
Open

Quoting (URL-encoding) Base authentication username / password is incorrect #629

igielski opened this issue Feb 21, 2024 · 0 comments
Assignees
@lepture
Labels
bug

Comments

@igielski
Copy link

Describe the bug

Version 1.3.0 introduces a change in the encoding of the Basic Authentication header (commit d2d1f49). In the comment to the commit you're mentioning this RFC section: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1, but I think that rather this one is applicable:
https://datatracker.ietf.org/doc/html/rfc2617#section-2

I've never seen basic auth username and password being url encoded before. The servers (e.g. cloud foundry UAA) seem to reject such requests. It also doesn't make sense to url-encode it if it's then base64-encoded

Error Stacks

--

To Reproduce

A minimal example to reproduce the behavior:
happens always in version 1.3.0 if basic authentication is used to get a token.

Expected behavior

Basic authentication username and password shouldn't be URL encoded before being base64 encoded.

Environment:

  • OS: Linux / Mac OSX
  • Python Version: 3.11
  • Authlib Version: 1.3.0

Additional context

--
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lepture lepture

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lepture @igielski