Humanstate / mojolicious-plugin-oauth2-server / 92
96%

Build:
DEFAULT BRANCH: master
Ran 24 Feb 2017 09:25AM UTC
Jobs 8
Files 1
Run time 3min
92

push

travis-ci

leejo
resolve #4 - password grant uses Auth header

According to: https://tools.ietf.org/html/rfc6749#section-4.3.2

    If the client type is confidential or the client was issued client
    credentials (or assigned other authentication requirements), the
    client MUST authenticate with the authorization server as described
    in Section 3.2.1.

Which goes around the houses to point at:
https://tools.ietf.org/html/rfc6749#section-2.3.1

               ... The authorization server MUST support the HTTP Basic
    authentication scheme for authenticating clients that were issued a
    client password.

    For example (with extra line breaks for display purposes only):

     Authorization: Basic czZCaGRSa3F0Mzo3RmpmcDBaQnIxS3REUmJuZlZkbUl3

    Alternatively, the authorization server MAY support including the
    client credentials in the request-body ...

So for the Password grant we should be able to get the client_id and
client_secret from the `Authorization` header if it is available and not
rely on these being available in the `->param` hash

The problem with the spec as documented in section 4.3.2 is that it
stipulates:

    The authorization server MUST:

   o  require client authentication for confidential clients or for any
      client that was issued client credentials (or with other
      authentication requirements),

and we currently don't define exactly which clients are confidential
for the password grant when using the modules out of the box with the
minimum configuration and no overrides.

TODO: perhaps we could tweak the config hash for password grant to
specify which clients are confidential or were issued client credentials
as currently the logic here will allow either an Auth header or the
defaults in the query params
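
The lookup order the commit message describes, with the TODO's per-client "confidential" flag applied, as an added example (not part of the commit or the plugin's code). The `%CONFIDENTIAL` table, the client names in it and the function names are hypothetical; the header value is the RFC sample quoted above.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Hypothetical config: clients that were issued credentials and must authenticate.
my %CONFIDENTIAL = ( 'billing-app' => 1 );

# RFC 6749 section 2.3.1: id and secret are form-urlencoded before Basic encoding.
sub _form_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Returns (client_id, client_secret, source), or an empty list to reject.
sub client_credentials {
    my ( $auth_header, $params ) = @_;

    if ( defined $auth_header
        && $auth_header =~ /\ABasic +([A-Za-z0-9+\/]+={0,2})\z/i )
    {
        # Split on the first colon only: the secret may itself contain ':'.
        my ( $id, $secret ) = split /:/, decode_base64($1), 2;
        return unless defined $id && length $id && defined $secret;
        return ( _form_decode($id), _form_decode($secret), 'header' );
    }

    # Design choice in this example: a header that is present but malformed
    # is rejected rather than silently falling back to the request params.
    return if defined $auth_header && length $auth_header;

    my ( $id, $secret ) = @{$params}{qw(client_id client_secret)};
    return unless defined $id;
    return if $CONFIDENTIAL{$id} && !defined $secret;
    return ( $id, $secret, 'params' );
}

# Constructed requests: RFC sample header, confidential client with no
# secret, and a public client identified only by client_id.
for my $case (
    [ 'Basic czZCaGRSa3F0Mzo3RmpmcDBaQnIxS3REUmJuZlZkbUl3', {} ],
    [ undef, { client_id => 'billing-app' } ],
    [ undef, { client_id => 'public-spa' } ],
) {
    my @got = client_credentials(@$case);
    print @got ? "ok: $got[0] via $got[2]\n" : "rejected\n";
}
```

The returned secret still has to be verified against the stored value by the caller; this only decides where the credentials may come from.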

129 of 135 relevant lines covered (95.56%)

196.96 hits per line

Jobs
ID  Job ID  Ran                      Files  Coverage
1   92.1    24 Feb 2017 09:25AM UTC  0      95.35
2   92.2    24 Feb 2017 09:25AM UTC  0      95.35
3   92.3    24 Feb 2017 09:25AM UTC  0      95.56
4   92.4    24 Feb 2017 09:25AM UTC  0      95.56
5   92.5    24 Feb 2017 09:27AM UTC  0      95.56
6   92.6    24 Feb 2017 09:28AM UTC  0      95.56
7   92.7    24 Feb 2017 09:27AM UTC  0      95.56
8   92.8    24 Feb 2017 09:27AM UTC  0      95.56
Source Files on build 92
Detailed source file information is not available for this build.
  • 4001387a on github