oauth2: remove scope & client_id params from access token request

Remove "scope" & "client_id" from "token request" in the "access token request" of the "authorization code grant" flow, keeping "client_id" in case the provider is one of the known to be broken ones. Please see https://tools.ietf.org/html/rfc6749#section-4.1.3 This change is required for interoperation with OpenAM. Fixes golang/oauth2#145 Fixes golang/oauth2#110 Fixes golang/oauth2#188 Change-Id: Ie34c74980a6db7b5d34c851fb55a7d629fc7083e Reviewed-on: https://go-review.googlesource.com/23790 Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-06-04 01:11:54 -03:00
parent 314dd2c0bf
commit 4464e78483
4 changed files with 8 additions and 9 deletions
--- a/clientcredentials/clientcredentials_test.go
+++ b/clientcredentials/clientcredentials_test.go
@@ -48,8 +48,8 @@ func TestTokenRequest(t *testing.T) {
 		if err != nil {
 			t.Errorf("failed reading request body: %s.", err)
 		}
-		if string(body) != "client_id=CLIENT_ID&grant_type=client_credentials&scope=scope1+scope2" {
-			t.Errorf("payload = %q; want %q", string(body), "client_id=CLIENT_ID&grant_type=client_credentials&scope=scope1+scope2")
+		if string(body) != "grant_type=client_credentials&scope=scope1+scope2" {
+			t.Errorf("payload = %q; want %q", string(body), "grant_type=client_credentials&scope=scope1+scope2")
 		}
 		w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
 		w.Write([]byte("access_token=90d64460d14870c08c81352a05dedd3465940a7c&token_type=bearer"))
@@ -84,7 +84,7 @@ func TestTokenRefreshRequest(t *testing.T) {
 			t.Errorf("Unexpected Content-Type header, %v is found.", headerContentType)
 		}
 		body, _ := ioutil.ReadAll(r.Body)
-		if string(body) != "client_id=CLIENT_ID&grant_type=client_credentials&scope=scope1+scope2" {
+		if string(body) != "grant_type=client_credentials&scope=scope1+scope2" {
 			t.Errorf("Unexpected refresh token payload, %v is found.", string(body))
 		}
 	}))