is it mandatory to b64 encode the 'registration_token' ? #822

Open
vamonte opened this issue Jul 6, 2022 · 3 comments

Comments

@vamonte

vamonte commented Jul 6, 2022

Hi,

I had an issue when I tried to register a client.
My registration endpoint responded that my client was unauthorized.
After some investigation in your source, I found that you encode every registration_token in b64 (except the JWT).
I tried to find, in the RFC, the reason for this encoding, but I found nothing clear.
specs/openid-connect-registration
OAuth 2.0 Authorization Framework: Bearer Token Usage
Could you explain to me why the b64 is mandatory, or, if it is not, can I push a PR to fix it?
During my investigation, I found similar issues on other repositories, such as oauth2-server-php.

Thanks for your work.

@schlenk
Collaborator

schlenk commented Jul 7, 2022

You mean the code at https://github.com/OpenIDC/pyoidc/blob/41e2b0a7142e79e265a0b19eed22d8483044bc11/src/oic/oic/__init__.py#L1401 ?

I do not see any deeper reason for the Base64 coding there, after reading the clarifying comments. But the spec is confusing, as is also reported in an erratum for RFC 6750 (https://www.rfc-editor.org/errata/eid5335).

@tpazderka Do you remember the reason you added the B64 in the initial commit for the initial access token?

@vamonte
Author

vamonte commented Jul 8, 2022

@schlenk Yes, it is this part of code.

@tpazderka
Collaborator

Well, I have no idea :) It is possible that I got confused by the b64token in the specs and added that in.

But as pointed out in some of the discussions, it sort of implies b64 from another angle, when it describes HTTP Basic Auth, which uses b64 to create the token.

I do think that the area is very unclear, and going one way or the other will inevitably break someone's code.

The best approach is to switch the b64 encoding part to be mandated by settings in the Client with the default behavior being the current one so we do not break existing implementations.
