lib/httpx/plugins/oauth.rb in httpx-1.2.2 vs lib/httpx/plugins/oauth.rb in httpx-1.2.3
- old
+ new
@@ -14,11 +14,11 @@
SUPPORTED_GRANT_TYPES = %w[client_credentials refresh_token].freeze
SUPPORTED_AUTH_METHODS = %w[client_secret_basic client_secret_post].freeze
class OAuthSession
- attr_reader :token_endpoint_auth_method, :grant_type, :client_id, :client_secret, :access_token, :refresh_token, :scope
+ attr_reader :grant_type, :client_id, :client_secret, :access_token, :refresh_token, :scope
def initialize(
issuer:,
client_id:,
client_secret:,
@@ -26,11 +26,11 @@
refresh_token: nil,
scope: nil,
token_endpoint: nil,
response_type: nil,
grant_type: nil,
- token_endpoint_auth_method: "client_secret_basic"
+ token_endpoint_auth_method: nil
)
@issuer = URI(issuer)
@client_id = client_id
@client_secret = client_secret
@token_endpoint = URI(token_endpoint) if token_endpoint
@@ -41,14 +41,14 @@
when Array
scope
end
@access_token = access_token
@refresh_token = refresh_token
- @token_endpoint_auth_method = String(token_endpoint_auth_method)
+ @token_endpoint_auth_method = String(token_endpoint_auth_method) if token_endpoint_auth_method
@grant_type = grant_type || (@refresh_token ? "refresh_token" : "client_credentials")
- unless SUPPORTED_AUTH_METHODS.include?(@token_endpoint_auth_method)
+ unless @token_endpoint_auth_method.nil? || SUPPORTED_AUTH_METHODS.include?(@token_endpoint_auth_method)
raise Error, "#{@token_endpoint_auth_method} is not a supported auth method"
end
return if SUPPORTED_GRANT_TYPES.include?(@grant_type)
@@ -57,12 +57,16 @@
def token_endpoint
@token_endpoint || "#{@issuer}/token"
end
+ def token_endpoint_auth_method
+ @token_endpoint_auth_method || "client_secret_basic"
+ end
+
def load(http)
- return if @token_endpoint_auth_method && @grant_type && @scope
+ return if @grant_type && @scope
metadata = http.get("#{@issuer}/.well-known/oauth-authorization-server").raise_for_status.json
@token_endpoint = metadata["token_endpoint"]
@scope = metadata["scopes_supported"]
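Review bot: In `load`, whenever discovery runs, `@token_endpoint = metadata["token_endpoint"]` replaces a `token_endpoint:` the caller passed explicitly, and the client secret is later sent to whatever URL the metadata document names. As far as the hunks show, `initialize` always assigns `@grant_type`, so the guard `return if @grant_type && @scope` depends on `@scope` alone and any session built without a scope takes this path. Keeping the configured value with `@token_endpoint ||= metadata["token_endpoint"]`, and comparing the document's `issuer` with `@issuer` before using it (RFC 8414 requires them to match), would keep credentials from going to an unexpected endpoint. `load` continues past the end of the hunk, so later lines may already cover part of this.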
@@ -121,14 +125,14 @@
headers = {}
form_post = { "grant_type" => grant_type, "scope" => Array(oauth_session.scope).join(" ") }.compact
# auth
case oauth_session.token_endpoint_auth_method
- when "client_secret_basic"
- headers["authorization"] = Authentication::Basic.new(oauth_session.client_id, oauth_session.client_secret).authenticate
when "client_secret_post"
form_post["client_id"] = oauth_session.client_id
form_post["client_secret"] = oauth_session.client_secret
+ when "client_secret_basic"
+ headers["authorization"] = Authentication::Basic.new(oauth_session.client_id, oauth_session.client_secret).authenticate
end
case grant_type
when "client_credentials"
# do nothing
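Review bot: The `case oauth_session.token_endpoint_auth_method` has no `else`, so any value other than the two handled ones would send the token request with no client authentication instead of failing. `initialize` validates the constructor argument, but after this change `@token_endpoint_auth_method` may be nil at construction and could be assigned later by code not visible here. An `else` branch that raises the same "is not a supported auth method" error used in `initialize` would make this fail closed. The enclosing method starts and ends outside the hunk.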