fix: OAuth2: use correct `Content-Type` as specified in RFC (#2343)

Co-authored-by: Nolan Lawson <nolan@nolanlawson.com>
This commit is contained in:
vitalyster 2023-01-09 09:31:00 +03:00 committed by GitHub
parent c2851ce104
commit c426b7fe31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 3 deletions

View File

@ -27,11 +27,13 @@ export function generateAuthLink (instanceName, clientId, redirectUri) {
export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) { export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) {
const url = `${basename(instanceName)}/oauth/token` const url = `${basename(instanceName)}/oauth/token`
return post(url, { // Using URLSearchParams here guarantees a content type of application/x-www-form-urlencoded
// See https://fetch.spec.whatwg.org/#bodyinit-unions
return post(url, new URLSearchParams({
client_id: clientId, client_id: clientId,
client_secret: clientSecret, client_secret: clientSecret,
redirect_uri: redirectUri, redirect_uri: redirectUri,
grant_type: 'authorization_code', grant_type: 'authorization_code',
code code
}, null, { timeout: WRITE_TIMEOUT }) }), null, { timeout: WRITE_TIMEOUT })
} }

View File

@ -51,7 +51,7 @@ async function _fetch (url, fetchOptions, options) {
async function _putOrPostOrPatch (method, url, body, headers, options) { async function _putOrPostOrPatch (method, url, body, headers, options) {
const fetchOptions = makeFetchOptions(method, headers, options) const fetchOptions = makeFetchOptions(method, headers, options)
if (body) { if (body) {
if (body instanceof FormData) { if (body instanceof FormData || body instanceof URLSearchParams) {
fetchOptions.body = body fetchOptions.body = body
} else { } else {
fetchOptions.body = JSON.stringify(body) fetchOptions.body = JSON.stringify(body)