This repository was archived by the owner on Oct 19, 2024. It is now read-only.
Conversation
cyyynthia
reviewed
Jan 28, 2024
Comment on lines
+193
to
+207
| Some(("Basic", token)) => { | ||
| let decoded = base64::engine::general_purpose::STANDARD | ||
| .decode(token.trim()) | ||
| .map_err(|_| AuthenticationError::InvalidCredentials)?; | ||
|
|
||
| let credentials: String = | ||
| String::from_utf8(decoded).map_err(|_| AuthenticationError::InvalidCredentials)?; | ||
|
|
||
| Ok(credentials | ||
| .split_once(':') | ||
| .ok_or_else(|| AuthenticationError::InvalidCredentials)? | ||
| .1 | ||
| .trim() | ||
| .to_string()) | ||
| } |
There was a problem hiding this comment.
It's kind of awkward and unexpected to have the client_id be in the request payload, and the secret extracted from the Basic authentication header. Having any of these be in the request body is not recommended as per the standard.
This would work for my generic implementation (since they're sent in both ways for compatibility reasons), but a client might expect to only send them through Basic authorization, or only through the HTTP payload.
I know it adds some complexity to the authentication routine, that's the blessing of standards that are 14 years old! 😇 My intuition would be to change the signature to output an enum, so a variant can hold 2 strings and pass them along to oauth checks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Not bothering to blur any of the sensitive data out because it's a local DB.
This was a PITA to figure out and test, but it seems to work as expected locally.