RFC 6749 § 5.1 says:

> The authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code: …
>
> The parameters are included in the entity-body of the HTTP response using the "application/json" media type as defined by [RFC4627]. The parameters are serialized into a JavaScript Object Notation (JSON) structure by adding each parameter at the highest structure level.
However, GitHub's implementation is non-compliant, because it returns values in `application/x-www-form-urlencoded` format. This makes it impossible to use standards-compliant OAuth libraries to access the GitHub API (such as the "AppAuth-iOS" library), because even the option of adding a custom `Accept:` header is out of spec for OAuth 2. Requests to add support to libraries are repeatedly denied. The official recommendation from these library providers is to fork their repository and make modifications to it.

GitHub should change their OAuth implementation to return `application/json` content.
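The parsing decision at issue above, as an added Python example that is not part of the original post and not GitHub's or any library's code: a strict client accepts only `application/json` per RFC 6749 § 5.1, while a hypothetical `allow_form_encoded` flag opts in to form-encoded token responses. The function name, the flag and the sample bodies are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs


class TokenResponseError(ValueError):
    """Raised when a token endpoint response cannot be accepted."""


def parse_token_response(content_type, body, allow_form_encoded=False):
    """Parse an OAuth 2.0 token endpoint response body (bytes).

    With allow_form_encoded=False only application/json is accepted, which is
    what RFC 6749 section 5.1 specifies. allow_form_encoded=True is a
    hypothetical opt-in for servers that answer in
    application/x-www-form-urlencoded, the behaviour the post describes.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    text = body.decode("utf-8")
    if media_type == "application/json":
        params = json.loads(text)
        if not isinstance(params, dict):
            raise TokenResponseError("token response is not a JSON object")
    elif media_type == "application/x-www-form-urlencoded" and allow_form_encoded:
        parsed = parse_qs(text, keep_blank_values=True, strict_parsing=True)
        # A repeated parameter is ambiguous; refuse it instead of picking one.
        dupes = [k for k, v in parsed.items() if len(v) > 1]
        if dupes:
            raise TokenResponseError(f"repeated parameters: {dupes}")
        params = {k: v[0] for k, v in parsed.items()}
    else:
        raise TokenResponseError(f"unexpected media type: {media_type!r}")
    # RFC 6749 section 5.2 error responses carry an "error" parameter.
    if "error" in params:
        raise TokenResponseError(f"authorization server error: {params['error']}")
    for required in ("access_token", "token_type"):
        if not params.get(required):
            raise TokenResponseError(f"missing parameter: {required}")
    return params


# Constructed sample responses; the token value is a placeholder.
FORM_BODY = b"access_token=EXAMPLE_TOKEN&scope=repo&token_type=bearer"
JSON_BODY = b'{"access_token": "EXAMPLE_TOKEN", "token_type": "bearer", "scope": "repo"}'

if __name__ == "__main__":
    print(parse_token_response("application/json; charset=utf-8", JSON_BODY))
    print(parse_token_response("application/x-www-form-urlencoded", FORM_BODY, True))
```

Keeping the form-encoded path behind an explicit flag means a client stays strict by default and only relaxes parsing for a server it has been configured to expect.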