Skip to content

Cannot provide custom headers to get_token request

Created by: antonlitvinenko

Hello!

I think this change https://github.com/oauth-xx/oauth2/commit/48cd561bb3a3c8d10d2ad5d07b5fc765cb32f216 has introduced a bug which prevents from setting custom headers on get_token request.

  1. Consider code client.auth_code.get_token(verifier,{headers: ['Header 1' => 'A']}, ...)
  2. When it reaches the AuthCode.get_token then every key in params is rewritten be a string. So, on when calling @client.get_token(params, opts) the params are changed to {'headers' => ['Header 1' => 'A']}
  3. OAuth2::Client.get_token there is a line which seems to take custom headers and apply them to the request, except it accesses headers using symbol: headers = params.delete(:headers) || {} , but AuthCode has rewritten all the keys to be strings. So, params.delete(:headers) returns nil

This seems like a big issue and someone should have already noticed it since the commit. But I couldn't find anybody mentioning it, so I have a feeling that I am missing something and this code, in fact, is working as expected.