From 3e982cdb1874b5b51173559f533d9cf00524f65d Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 3 Jan 2023 04:19:50 +0300
Subject: [PATCH] OAuth2: use correct `Content-Type` as specified in RFC

* Token request should use `application/x-www-form-urlencoded`: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
---
 src/routes/_api/oauth.js | 14 +++++++-------
 src/routes/_utils/ajax.js | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/routes/_api/oauth.js b/src/routes/_api/oauth.js
index 57824eec5..440952b3d 100644
--- a/src/routes/_api/oauth.js
+++ b/src/routes/_api/oauth.js
@@ -27,11 +27,11 @@ export function generateAuthLink (instanceName, clientId, redirectUri) {
 
 export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) {
 const url = `${basename(instanceName)}/oauth/token`
- return post(url, {
- client_id: clientId,
- client_secret: clientSecret,
- redirect_uri: redirectUri,
- grant_type: 'authorization_code',
- code
- }, null, { timeout: WRITE_TIMEOUT })
+ const data = new FormData();
+ data.append('client_id', clientId);
+ data.append('client_secret', clientSecret);
+ data.append('redirect_uri', redirectUri);
+ data.append('grant_type', 'authorization_code');
+ data.append('code', code);
+ return post(url, new URLSearchParams(data), null, { timeout: WRITE_TIMEOUT })
 }
diff --git a/src/routes/_utils/ajax.js b/src/routes/_utils/ajax.js
index 6ecf171a9..e47dc2c23 100644
--- a/src/routes/_utils/ajax.js
+++ b/src/routes/_utils/ajax.js
@@ -51,7 +51,7 @@ async function _fetch (url, fetchOptions, options) {
 async function _putOrPostOrPatch (method, url, body, headers, options) {
 const fetchOptions = makeFetchOptions(method, headers, options)
 if (body) {
- if (body instanceof FormData) {
+ if (body instanceof FormData || body instanceof URLSearchParams) {
 fetchOptions.body = body
 } else {
 fetchOptions.body = JSON.stringify(body)
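Review bot: The `FormData` built in `getAccessTokenFromAuthCode` is only a staging object that is copied straight into `URLSearchParams`, so the five `append` calls can be replaced by constructing `URLSearchParams` from an object literal. The added lines also end in semicolons, while the surrounding context lines (`const url = ...`) do not. Note that either form stringifies every value, so a missing `code` or `redirectUri` would now be posted as the literal text `undefined`, whereas the old `JSON.stringify` body dropped the key. If callers can pass an empty value, a check before the request would keep a malformed token request, which also carries `client_secret`, from being sent.

```javascript
  const url = `${basename(instanceName)}/oauth/token`
  const data = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: redirectUri,
    grant_type: 'authorization_code',
    code
  })
  return post(url, data, null, { timeout: WRITE_TIMEOUT })
```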
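Review bot: The widened `instanceof` check in `_putOrPostOrPatch` has no comment saying why these two body types bypass `JSON.stringify`, and the reason is not obvious from the line: fetch derives the `Content-Type` from a `FormData` or `URLSearchParams` body itself. I would add above the condition `// FormData / URLSearchParams are sent unserialized; fetch sets multipart/form-data or application/x-www-form-urlencoded from the body type`. The function continues past the end of the hunk, so whatever header handling follows the JSON branch is not visible here. It is worth confirming that no `Content-Type` passed in through `headers` or set by `makeFetchOptions` overrides the one fetch would derive for the token request.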