Disable client secret check when no secret is specified
parent
d01311abf1
commit
1a1a41d5dc
@ -369,9 +369,7 @@ pub async fn token(
|
|||||||
let (client_id, client_secret) =
|
let (client_id, client_secret) =
|
||||||
match (&query.client_id, &query.client_secret, authorization_header) {
|
match (&query.client_id, &query.client_secret, authorization_header) {
|
||||||
// post authentication
|
// post authentication
|
||||||
(Some(client_id), Some(client_secret), None) => {
|
(Some(client_id), client_secret, None) => (client_id.clone(), client_secret.clone()),
|
||||||
(client_id.clone(), client_secret.to_string())
|
|
||||||
}
|
|
||||||
|
|
||||||
// Basic authentication
|
// Basic authentication
|
||||||
(_, None, Some(v)) => {
|
(_, None, Some(v)) => {
|
||||||
@ -402,8 +400,8 @@ pub async fn token(
|
|||||||
.to_string();
|
.to_string();
|
||||||
|
|
||||||
match decode.split_once(':') {
|
match decode.split_once(':') {
|
||||||
None => (ClientID(decode), "".to_string()),
|
None => (ClientID(decode), None),
|
||||||
Some((id, secret)) => (ClientID(id.to_string()), secret.to_string()),
|
Some((id, secret)) => (ClientID(id.to_string()), Some(secret.to_string())),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -421,7 +419,7 @@ pub async fn token(
|
|||||||
.ok_or_else(|| ErrorUnauthorized("Client not found"))?;
|
.ok_or_else(|| ErrorUnauthorized("Client not found"))?;
|
||||||
|
|
||||||
// Retrieving token requires the client to have a defined secret
|
// Retrieving token requires the client to have a defined secret
|
||||||
if client.secret != Some(client_secret) {
|
if client.secret != client_secret {
|
||||||
return Ok(error_response(
|
return Ok(error_response(
|
||||||
&query,
|
&query,
|
||||||
"invalid_request",
|
"invalid_request",
|
||||||
|
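Review bot: The comparison `if client.secret != client_secret` now treats a stored `None` and a presented `None` as a match, so any client registered without a secret is authenticated by its `client_id` alone, yet the comment directly above still says that retrieving a token requires a defined secret. Update that comment to state the new rule, for example `// Clients without a stored secret are public clients: accepted only when the request carries no secret`, and confirm that the rest of `token` (its body continues outside these hunks) binds such clients to the authorization code by another means such as PKCE, since nothing visible here does. The Basic branch yields `Some("")` for `id:` but `None` for a bare `id`, so the two forms behave differently against a secretless client; a test should pin that. Separately, `!=` on `Option<String>` is not a constant-time comparison, so consider a constant-time equality check when both sides are `Some`.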