Hello all,
I've recently been trying to use the OAuth2CodeGrantFlow to get a token
from the JetBrains Hub application (using Hub as my OAuth2 provider).
I'm able to start the auth request and get a code and state from them, but
when I try to finish the request, I'm rejected with a 401.
Looking into their issue tracker a bit, I see that someone else reported a
similar issue:
https://youtrack.jetbrains.com/issue/JPS-3030
About midway down that thread, there's a report that someone received the
following while requesting the token in PHP:
"error" => "invalid_client"
"error_code" => 401
"error_description" => "Authorization header was not passed"
The folks at JetBrains then said that the OAuth2 standard requires that
there is an Authorization header with the service id, service secret and
auth code passed with the token request. I'm not particularly familiar
with the OAuth2 standard, but they include some links to the standard.
Their claim is that sending the auth code as form params, while currently
accepted by Google, is not OAuth2 compliant.
I believe that Jersey is sending the auth code as form params and not an
auth header.
Is it possible to finish the OAuth2 token request the way that they
describe with the current library?
Thanks,
Matty
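
An added example, not part of the original post and not Jersey's or Hub's own code: a token request that authenticates the client with HTTP Basic as described in RFC 6749 section 2.3.1, built with the JDK's java.net.http (Java 11+). The class name, endpoint URL and all credential values are constructed placeholders; the request is built but never sent.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class TokenRequestExample {
    // application/x-www-form-urlencoded encoding of one value.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // RFC 6749 section 2.3.1: client id and secret are each form-encoded,
    // joined with ':' and sent as HTTP Basic credentials.
    static String basicHeader(String clientId, String clientSecret) {
        String pair = enc(clientId) + ":" + enc(clientSecret);
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Token request of RFC 6749 section 4.1.3. The code and redirect_uri stay
    // in the form body; only the client credentials move to the header.
    static HttpRequest tokenRequest(URI tokenEndpoint, String clientId,
            String clientSecret, String code, String redirectUri) {
        String body = "grant_type=authorization_code"
                + "&code=" + enc(code)
                + "&redirect_uri=" + enc(redirectUri);
        return HttpRequest.newBuilder(tokenEndpoint)
                .header("Authorization", basicHeader(clientId, clientSecret))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .header("Accept", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values, not real Hub identifiers or endpoints.
        HttpRequest req = tokenRequest(
                URI.create("https://hub.example.com/oauth2/token"),
                "example-service-id", "example-service-secret",
                "example-auth-code", "https://app.example.com/callback");
        // Print header names only, so the Authorization value is not logged.
        System.out.println(req.method() + " " + req.uri()
                + " " + req.headers().map().keySet());
    }
}
```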