Password is sent as 'null' instead of an empty string in Authorization header #1251
Labels
bug
For tagging faulty or unexpected behavior.
investigation-needed
Indication that the maintainer or involved community members may need to investigate more.
Comments
jeroenheijmans
added
bug
|
Seems like a li'l bug to me indeed. What happens if you set |
|
@jeroenheijmans yes, setting dummyClientSecret to '' does work as a workaround |
|
I'm setting the default value for |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When AuthConfig.useHttpBasicAuth is set to true and AuthConfig.dummyClientSecret is not specified, the password value in client_id:password pair is 'null' instead of an empty string ''. At least it is so with Authorization code flow.
This causes the browser to popup a login prompt as a result to 401 server response (e.g. OpenIddict does not treat null password as an empty one).
Expected behavior
'client_id:' instead of 'client_id:null'
Additional context
angular-oauth2-oidc: 13.0.1
The text was updated successfully, but these errors were encountered: