Page MenuHomePhabricator

wrl (william light)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Oct 25 2016, 1:54 AM (425 w, 4 d)
Availability
Available

Recent Activity

Oct 31 2016

wrl added a comment to D16763: oauthserver: get client ID/secret from HTTP auth.

Just pulled and tested and everything works fine.

Oct 31 2016, 9:23 PM
wrl added a comment to D16763: oauthserver: get client ID/secret from HTTP auth.

Done. Thanks for the strlen() tip as well, been a while since I've written any real amount of PHP.

Oct 31 2016, 2:54 PM
wrl updated the diff for D16763: oauthserver: get client ID/secret from HTTP auth.

Applied epriestley's recommendations

Oct 31 2016, 2:50 PM

Oct 30 2016

wrl updated the diff for D16763: oauthserver: get client ID/secret from HTTP auth.

Use either HTTP auth or request parameters, not a potential mix of the two.

Oct 30 2016, 5:18 AM
wrl added a comment to D16763: oauthserver: get client ID/secret from HTTP auth.

Sure, works for me, but I'm going to invert your logic (prefer AUTH header, fallback to request parameters).

Oct 30 2016, 5:17 AM

Oct 28 2016

wrl added a comment to T11794: OAuth Server Doesn't Handle Client ID and Secret in HTTP Basic Auth.

I've done some more digging as well and it appears that this issue arose in the Go library already: https://github.com/golang/oauth2/issues/111

Oct 28 2016, 11:33 PM · OAuthServer, Bug Report
wrl added a comment to T11794: OAuth Server Doesn't Handle Client ID and Secret in HTTP Basic Auth.

It seems like section 2.3.1 is poorly worded. They talk about a "client password" but the example request only includes client_secret as a POST variable. In the case of the Golang OAuth2 module (which Concourse uses), it sets the basic auth username to the client ID and the password to the client secret (https://github.com/golang/oauth2/blob/master/internal/token.go#L164).

Oct 28 2016, 9:15 PM · OAuthServer, Bug Report
wrl updated D16763: oauthserver: get client ID/secret from HTTP auth.
Oct 28 2016, 5:31 AM
wrl retitled D16763: oauthserver: get client ID/secret from HTTP auth from to oauthserver: get client ID/secret from HTTP auth.
Oct 28 2016, 5:29 AM
wrl added a revision to T11794: OAuth Server Doesn't Handle Client ID and Secret in HTTP Basic Auth: D16763: oauthserver: get client ID/secret from HTTP auth.
Oct 28 2016, 5:29 AM · OAuthServer, Bug Report
wrl created T11794: OAuth Server Doesn't Handle Client ID and Secret in HTTP Basic Auth.
Oct 28 2016, 5:22 AM · OAuthServer, Bug Report

Oct 25 2016

wrl added a comment to T11783: Diffusion Post-Push Webhooks.

Well, I was going to overclock my toaster, but I got some e-mail about a recall because of DNS or whatever.

Oct 25 2016, 2:51 AM · Feature Request
wrl added a comment to T11783: Diffusion Post-Push Webhooks.

Much appreciated.

Oct 25 2016, 2:39 AM · Feature Request
wrl created T11783: Diffusion Post-Push Webhooks.
Oct 25 2016, 2:11 AM · Feature Request