From fc8ad8168d01a26414df939826c691b60361259f Mon Sep 17 00:00:00 2001
From: Eric Turcotte
Date: Wed, 12 Jul 2017 23:26:20 -0500
Subject: [PATCH] Renamed authorizeAccessCode() to authorizeAccessCodeWithQueryParams() Added authorizeAccessCodeWithBasicAuthentication() that sends the client_id and client_secret using HTTP basic authentication Authorization: Basic base64encoded[client_id:client_secret] According to the OAuth2 spec, this is the preferred method. It also enables Authorization Servers that only support basic authentication during the authorization_code grant. https://tools.ietf.org/html/rfc6749#section-2.3.1
---
 src/core/plugins/auth/actions.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/core/plugins/auth/actions.js b/src/core/plugins/auth/actions.js
index 221d80a8..5524413e 100644
--- a/src/core/plugins/auth/actions.js
+++ b/src/core/plugins/auth/actions.js
@@ -111,7 +111,7 @@ export const authorizeApplication = ( auth ) => ( { authActions } ) => {
 return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth, headers })
 }
 
-export const authorizeAccessCode = ( { auth, redirectUrl } ) => ( { authActions } ) => {
+export const authorizeAccessCodeWithQueryParams = ( { auth, redirectUrl } ) => ( { authActions } ) => {
 let { schema, name, clientId, clientSecret } = auth
 let form = {
 grant_type: "authorization_code",
@@ -124,6 +124,21 @@ export const authorizeAccessCode = ( { auth, redirectUrl } ) => ( { authActions
 return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth})
 }
 
+export const authorizeAccessCodeWithBasicAuthentication = ( { auth, redirectUrl } ) => ( { authActions } ) => {
+ let { schema, name, clientId, clientSecret } = auth
+ let headers = {
+ Authorization: "Basic " + btoa(clientId + ":" + clientSecret)
+ }
+ let form = {
+ grant_type: "authorization_code",
+ code: auth.code,
+ client_id: clientId,
+ redirect_uri: redirectUrl
+ }
+
+ return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth, headers})
+}
+
 export const authorizeRequest = ( data ) => ( { fn, authActions, errActions, authSelectors } ) => {
 let { body, query={}, headers={}, name, url, auth } = data
 let { additionalQueryStringParams } = authSelectors.getConfigs() || {}
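Review bot: The new `Authorization` header in `authorizeAccessCodeWithBasicAuthentication` passes `clientId` and `clientSecret` to `btoa` unencoded, so a client id containing `:` yields credentials the token endpoint will split at the wrong place, and any character outside Latin-1 makes `btoa` throw before the request is sent. RFC 6749 section 2.3.1, which the commit message cites, has both values form-urlencoded before they are joined; `Authorization: "Basic " + btoa(encodeURIComponent(clientId) + ":" + encodeURIComponent(clientSecret))` would cover both cases, although `encodeURIComponent` only approximates that encoding and servers that do not decode the values would need testing. Since the secret now travels in a header handed to `authorizeRequest`, whose body lies mostly outside this hunk, it is also worth confirming that nothing downstream logs or displays request headers.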