authorGaming4JC <g4jc@hyperbola.info>2019-12-30 10:33:31 -0500
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-11 13:43:26 +0100
commitc7fbaa67c6089fdb2682984d8d4a6f484c1eb49d (patch)
tree19ceab177dce392d515118c1ea53b72afa47ff86
parentc5b7a8f476239f63f23dc257969c77af07e38d6b (diff)
Bug 1599054 - allow callers to ommit sending OAuth2 client_secret parameter.
-rw-r--r--mailnews/base/util/OAuth2.jsm23
1 files changed, 21 insertions, 2 deletions
diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
index c838660f0..8c9282d02 100644
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -19,7 +19,21 @@ Cu.importGlobalProperties(["fetch"]);
// Only allow one connecting window per endpoint.
var gConnecting = {};
-function OAuth2(aBaseURI, aScope, aAppKey, aAppSecret) {
+/**
+ * Constructor for the OAuth2 object.
+ *
+ * @constructor
+ * @param {string} aBaseURI - The base URI for authentication and token
+ * requests, oauth2/auth or oauth2/token will be added for the actual
+ * requests.
+ * @param {?string} aScope - The scope as specified by RFC 6749 Section 3.3.
+ * Will not be included in the requests if falsy.
+ * @param {string} aAppKey - The client_id as specified by RFC 6749 Section
+ * 2.3.1.
+ * @param {string} [aAppSecret=null] - The client_secret as specified in
+ * RFC 6749 section 2.3.1. Will not be included in the requests if null.
+ */
+function OAuth2(aBaseURI, aScope, aAppKey, aAppSecret = null) {
this.authURI = aBaseURI + "oauth2/auth";
this.tokenURI = aBaseURI + "oauth2/token";
this.consumerKey = aAppKey;
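Review bot: The new `@param {string} [aAppSecret=null]` tag types the secret as a non-nullable string although null is both the default and the documented way to omit it; `{?string}` would match the notation already used for aScope. The docstring should also state that only null suppresses the parameter, so an empty string is still sent as `client_secret=`, and that a caller omitting the secret acts as a public client under RFC 6749 Section 2.1, meaning the token request carries no client authentication. The constructor body continues past the hunk, so the assignment to `this.consumerSecret` is not visible here.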
@@ -190,7 +204,12 @@ OAuth2.prototype = {
let data = new URLSearchParams();
data.append("client_id", this.consumerKey);
- data.append("client_secret", this.consumerSecret);
+ if (this.consumerSecret !== null) {
+ // Section 2.3.1. of RFC 6749 states that empty secrets MAY be omitted
+ // by the client. This OAuth implementation delegates this decission to
+ // the caller: If the secret is null, it will be omitted.
+ data.append("client_secret", this.consumerSecret);
+ }
if (aRefresh) {
this.log.info(
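Review bot: The guard `this.consumerSecret !== null` excludes only null, so an `undefined` value reaching this point would be serialised by URLSearchParams as the literal string `undefined` and sent as the client secret. The constructor default covers callers that leave the argument out, but the property is assigned outside this hunk and could be set elsewhere, which is not visible here. Using `if (this.consumerSecret != null) {` would treat null and undefined alike without changing the documented null behaviour. The enclosing method starts and ends outside the hunk.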