github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-27 17:36:42 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

fix(oauth): encode clientId and clientSecret in authorization header (#2120)

Browse Source 
* fix(oauth2): encode clientId and clientSecret in authorization header

* fix(oauth2): refactor to use encodeOAuthParameter for clientId and clientSecret

* chore: lint

---------

Co-authored-by: Bereket Engida <bekacru@gmail.com>
This commit is contained in:
Xinyao
2025-04-05 13:02:26 +08:00
committed by GitHub
parent a686070437
commit ffa24f74a5
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/better-auth/src/oauth2/refresh-access-token.ts
View File

@@ -1,6 +1,7 @@
import { betterFetch } from "@better-fetch/fetch";
import type { OAuth2Tokens } from "./types";
import type { ProviderOptions } from "./types";
import { encodeOAuthParameter } from "./utils";
export async function refreshAccessToken({
refreshToken,
@@ -27,7 +28,9 @@ export async function refreshAccessToken({
body.set("refresh_token", refreshToken);
if (authentication === "basic") {
const encodedCredentials = btoa(
`${options.clientId}:${options.clientSecret}`,
`${encodeOAuthParameter(options.clientId)}:${encodeOAuthParameter(
options.clientSecret,
)}`,
);
headers["authorization"] = `Basic ${encodedCredentials}`;
} else {

3
packages/better-auth/src/oauth2/utils.ts
View File

@@ -26,3 +26,6 @@ export function getOAuth2Tokens(data: Record<string, any>): OAuth2Tokens {
idToken: data.id_token,
};
}
export const encodeOAuthParameter = (value: string) =>
encodeURIComponent(value).replace(/%20/g, "+");

5
packages/better-auth/src/oauth2/validate-authorization-code.ts
View File

@@ -2,6 +2,7 @@ import { betterFetch } from "@better-fetch/fetch";
import type { ProviderOptions } from "./types";
import { getOAuth2Tokens } from "./utils";
import { jwtVerify } from "jose";
import { encodeOAuthParameter } from "./utils";
export async function validateAuthorizationCode({
code,
@@ -34,7 +35,9 @@ export async function validateAuthorizationCode({
body.set("redirect_uri", options.redirectURI || redirectURI);
if (authentication === "basic") {
const encodedCredentials = btoa(
`${options.clientId}:${options.clientSecret}`,
`${encodeOAuthParameter(options.clientId)}:${encodeOAuthParameter(
options.clientSecret,
)}`,
);
headers["authorization"] = `Basic ${encodedCredentials}`;
} else {