Home

Site-Specific Peculiarities

Most frequently you'll need to set oauth2.authConfig.secretInBody = true (or use secret_in_body in your settings dict) because the server expects the client secret in the request body, not the Authorization header. This goes for Github, Instagram, Pinterest, Medium, Strava and others.

Also check out these:

Azure (additional resource parameter)
BitBucket (avoid session cookie)
Dropbox (400 if no Authorization header)
Facebook (URL-query-style response, not JSON)
GitHub (client-id/secret in body)
Google
Facebook, Instagram, Bitly, Pinterest, Twitch, ... (no token type received)
LinkedIn (additional header)
Reddit (refresh token parameter)
Uber (avoid cached responses)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Home

Site-Specific Peculiarities

Clone this wiki locally