Description
Follow on from #815
Now with a new test script: https://gist.github.com/micolous/e54b84dec86fcc45754c5c429ed834c4
Whenever a client uses HTTP Basic authentication to provide its `client_id`, claims from the `tokenCallbacks[].requestMappings[].claims` config option are missing.
Running the above script with `--attempt_count 1 --refresh_count 0 --client_id_in_query` (which requests tokens with `client_id=test`) returns custom claims provided in `requestMappings[].claims`, as expected.
Running the above script with `--attempt_count 1 --refresh_count 0 --client_id_in_query --http_basic_auth` (which requests tokens with `client_id=test` and HTTP Basic auth) does not return custom claims provided in `requestMappings[].claims`.
It also fails for `--attempt_count 1 --refresh_count 0 --http_basic_auth` (which only uses HTTP Basic auth) – but I don't think there is any way to set `DefaultOAuth2TokenCallback` options from JSON.
Authorisation servers MUST support using HTTP Basic authentication per RFC 6749 s2.3.1, and using query parameters to pass the client_id is NOT RECOMMENDED per the same spec.
Environment
Running mock-oauth2-server 2.1.10 in Docker, with this config:
```json
{
  "httpServer": {
    "type": "NettyWrapper",
    "ssl": {
      "keyPassword": "",
      "keystoreFile": "/run/secrets/server_p12",
      "keystoreType": "PKCS12",
      "keystorePassword": ""
    }
  },
  "interactiveLogin": true,
  "tokenCallbacks": [
    {
      "issuerId": "test-issuer",
      "tokenExpiry": 90,
      "requestMappings": [
        {"requestParam": "client_id", "match": "*", "claims": {"customClaim": ["foo"]}}
      ]
    }
  ]
}
```

This is also an issue when `"match": "test"`.
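As an added illustration (not the project's code), the snippet below shows how a token endpoint should derive the `client_id` from either transport per RFC 6749 s2.3.1 (Basic auth first, form parameter as fallback) before evaluating the `requestMappings` from the config above, so that both request styles yield the same custom claims. The function names, the match rule (`*` matches any value, otherwise exact string equality) and the sample requests are assumptions.

```python
import base64
from urllib.parse import parse_qs, quote, unquote

# Assumed: the tokenCallbacks[0].requestMappings from the issue's config.
REQUEST_MAPPINGS = [
    {"requestParam": "client_id", "match": "*", "claims": {"customClaim": ["foo"]}},
]


def client_id_from_request(headers, body):
    """Return the client_id of a token request (RFC 6749 s2.3.1).

    HTTP Basic credentials take precedence; a client_id in the
    form-encoded body is the fallback. Returns None when neither is present.
    """
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic" and blob:
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None  # malformed header: treat as no credentials at all
        user, sep, _secret = decoded.partition(":")
        if sep:
            # s2.3.1: id and secret are form-urlencoded before base64 encoding
            return unquote(user)
    values = parse_qs(body, keep_blank_values=True).get("client_id", [])
    return values[0] if values else None


def claims_for_request(headers, body, mappings=REQUEST_MAPPINGS):
    """Merge the claims of every mapping whose requestParam value matches."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    # The mapping must see the client_id however the client transported it.
    params["client_id"] = client_id_from_request(headers, body)
    claims = {}
    for mapping in mappings:
        value = params.get(mapping["requestParam"])
        if value is not None and (mapping["match"] == "*" or value == mapping["match"]):
            claims.update(mapping["claims"])
    return claims


def basic_header(client_id, secret):
    """Build an RFC 6749 s2.3.1 Basic auth header for a constructed request."""
    raw = f"{quote(client_id, safe='')}:{quote(secret, safe='')}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}
```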