Device Authorization Flow Node.js Sample Wrong Encoding in Documentation #9585

Open
milesstoetzner opened this issue Jan 19, 2021 · 1 comment

@milesstoetzner

Description

Device Authorization Flow Node.js sample code is not encoding data correctly.

The sample code passes a JSON object to axios which expects a string.
The solution is to correctly encode the parameters.

This problem should apply to all Node.js examples on the documentation page.
I tested this only at the device authorization endpoint and token endpoint.

Here is one code sample from the documentation:

var axios = require("axios").default;

var options = {
  method: 'POST',
  url: 'https://YOUR_DOMAIN/oauth/device/code',
  headers: {'content-type': 'application/x-www-form-urlencoded'},
  data: {client_id: 'YOUR_CLIENT_ID', scope: 'SCOPE', audience: 'AUDIENCE'}
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error);
});

The request sent to the device authorization endpoint using the sample code looks as follows.
Note, the data is a stringified JSON and not correctly encoded.

 {
    url: 'https://YOUR_DOMAIN/oauth/device/code',
    method: 'post',
    data: '{"client_id":"YOUR_CLIENT_ID","audience":"MASKED"}',
    headers: {
      Accept: 'application/json, text/plain, */*',
      'Content-Type': 'application/x-www-form-urlencoded',
      'User-Agent': 'axios/0.21.1',
      'Content-Length': 78
    },

The error response from the device authorization endpoint:

    data: {
      error: 'unauthorized_client',
      error_description: 'Unauthorized or unknown client'
    }

Here is an example from the axios documentation to correctly encode the body:

import qs from 'qs';
const data = { 'bar': 123 };
const options = {
  method: 'POST',
  headers: { 'content-type': 'application/x-www-form-urlencoded' },
  data: qs.stringify(data),
  url,
};
axios(options);

Reproduction

Create a Native Application and follow the tutorial for Device Authorization Flow.

Environment

  • "axios": "^0.21.1",
  • Windows 10
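
An added example, not part of the issue or of the documentation it reports on: it shows what a form parser sees in the JSON-stringified body captured above, next to the same parameters encoded with Node's built-in `URLSearchParams`. The helper names `encodeForm`, `parseAsForm` and `checkRequest` are hypothetical, and the sample options are constructed from the documentation snippet quoted in the issue.

```javascript
// Hypothetical helpers for illustration: encodeForm, parseAsForm, checkRequest.

// Encode a flat object as application/x-www-form-urlencoded with Node's
// built-in URLSearchParams; null and undefined values are skipped.
function encodeForm(params) {
  const form = new URLSearchParams();
  for (const [key, value] of Object.entries(params)) {
    if (value !== undefined && value !== null) form.append(key, String(value));
  }
  return form.toString();
}

// Parse a body the way a form-urlencoded parser on the receiving side would.
function parseAsForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Pre-flight check: when the header declares a form body, the body must
// yield every required field once it is parsed as a form.
function checkRequest(options, requiredFields) {
  const headers = options.headers || {};
  const name = Object.keys(headers).find((h) => h.toLowerCase() === 'content-type');
  const type = name ? String(headers[name]).split(';')[0].trim().toLowerCase() : '';
  if (type !== 'application/x-www-form-urlencoded') return { ok: true, missing: [] };
  // A plain object goes out as stringified JSON, as the captured request shows.
  const body = typeof options.data === 'string' ? options.data : JSON.stringify(options.data);
  const fields = parseAsForm(body);
  const missing = requiredFields.filter(
    (f) => !Object.prototype.hasOwnProperty.call(fields, f)
  );
  return { ok: missing.length === 0, missing };
}

// Constructed inputs: the documentation sample's options, and the same
// options with the body form-encoded.
const docSample = {
  headers: { 'content-type': 'application/x-www-form-urlencoded' },
  data: { client_id: 'YOUR_CLIENT_ID', scope: 'SCOPE', audience: 'AUDIENCE' },
};
const fixedSample = { ...docSample, data: encodeForm(docSample.data) };

console.log(checkRequest(docSample, ['client_id']));   // JSON text parsed as a form
console.log(checkRequest(fixedSample, ['client_id'])); // form-encoded body
```

With the JSON body, the whole string becomes a single form key with an empty value, so a form parser finds no `client_id` field at all.
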
@milesstoetzner

I think the documentation should either use or at least mention the openid-client library which implements the device flow.

See https://github.com/panva/node-openid-client#device-authorization-grant-device-flow
