fix: OAuth2: use correct `Content-Type` as specified in RFC (#2343)

Co-authored-by: Nolan Lawson <nolan@nolanlawson.com>
pull/2354/head
vitalyster 2023-01-09 09:31:00 +03:00 zatwierdzone przez GitHub
rodzic c2851ce104
commit c426b7fe31
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
2 zmienionych plików z 5 dodań i 3 usunięć

Wyświetl plik

@ -27,11 +27,13 @@ export function generateAuthLink (instanceName, clientId, redirectUri) {
export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) {
const url = `${basename(instanceName)}/oauth/token`
return post(url, {
// Using URLSearchParams here guarantees a content type of application/x-www-form-urlencoded
// See https://fetch.spec.whatwg.org/#bodyinit-unions
return post(url, new URLSearchParams({
client_id: clientId,
client_secret: clientSecret,
redirect_uri: redirectUri,
grant_type: 'authorization_code',
code
}, null, { timeout: WRITE_TIMEOUT })
}), null, { timeout: WRITE_TIMEOUT })
}

Wyświetl plik

@ -51,7 +51,7 @@ async function _fetch (url, fetchOptions, options) {
async function _putOrPostOrPatch (method, url, body, headers, options) {
const fetchOptions = makeFetchOptions(method, headers, options)
if (body) {
if (body instanceof FormData) {
if (body instanceof FormData || body instanceof URLSearchParams) {
fetchOptions.body = body
} else {
fetchOptions.body = JSON.stringify(body)