User Details
- User Since
- Oct 25 2016, 1:54 AM (425 w, 4 d)
- Availability
- Available
Oct 31 2016
Just pulled and tested and everything works fine.
Done. Thanks for the strlen() tip as well, been a while since I've written any real amount of PHP.
Applied epriestley's recommendations
Oct 30 2016
Use either HTTP auth or request parameters, not a potential mix of the two.
Sure, works for me, but I'm going to invert your logic (prefer AUTH header, fallback to request parameters).
Oct 28 2016
I've done some more digging as well and it appears that this issue arose in the Go library already: https://github.com/golang/oauth2/issues/111
It seems like section 2.3.1 is poorly worded. They talk about a "client password" but the example request only includes client_secret as a POST variable. In the case of the Golang OAuth2 module (which Concourse uses), it sets the basic auth username to the client ID and the password to the client secret (https://github.com/golang/oauth2/blob/master/internal/token.go#L164).
Oct 25 2016
Well, I was going to overclock my toaster, but I got some e-mail about a recall because of DNS or whatever.
Much appreciated.