OAuth2: use correct Content-Type as specified in RFC

* Token request should use `application/x-www-form-urlencoded`: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
nolanlawson · Jan 3, 2023 · 3e982cd · 3e982cd
1 parent ff53fca
commit 3e982cd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/src/routes/_api/oauth.js b/src/routes/_api/oauth.js
@@ -27,11 +27,11 @@ export function generateAuthLink (instanceName, clientId, redirectUri) {
 
 export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) {
   const url = `${basename(instanceName)}/oauth/token`
-  return post(url, {
-    client_id: clientId,
-    client_secret: clientSecret,
-    redirect_uri: redirectUri,
-    grant_type: 'authorization_code',
-    code
-  }, null, { timeout: WRITE_TIMEOUT })
+  const data = new FormData();
+  data.append('client_id', clientId);
+  data.append('client_secret', clientSecret);
+  data.append('redirect_uri', redirectUri);
+  data.append('grant_type', 'authorization_code');
+  data.append('code', code);
+  return post(url, new URLSearchParams(data), null, { timeout: WRITE_TIMEOUT })
 }
diff --git a/src/routes/_utils/ajax.js b/src/routes/_utils/ajax.js
@@ -51,7 +51,7 @@ async function _fetch (url, fetchOptions, options) {
 async function _putOrPostOrPatch (method, url, body, headers, options) {
   const fetchOptions = makeFetchOptions(method, headers, options)
   if (body) {
-    if (body instanceof FormData) {
+    if (body instanceof FormData || body instanceof URLSearchParams) {
       fetchOptions.body = body
     } else {
       fetchOptions.body = JSON.stringify(body)