lib/rodauth/features/oauth_base.rb in rodauth-oauth-1.3.0 vs lib/rodauth/features/oauth_base.rb in rodauth-oauth-1.3.1
- old
+ new
@@ -365,11 +365,11 @@
authorization_required
end
end
def require_oauth_application_from_client_secret_basic(token)
- client_id, client_secret = Base64.decode64(token).split(/:/, 2)
+ client_id, client_secret = Base64.decode64(token).split(":", 2)
authorization_required unless client_id
oauth_application = db[oauth_applications_table].where(oauth_applications_client_id_column => client_id).first
authorization_required unless supports_auth_method?(oauth_application,
"client_secret_basic") && secret_matches?(oauth_application, client_secret)
oauth_application
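Review bot: A decoded token that contains no `:` leaves `client_secret` nil, and the guard after the split checks only `client_id`, so the nil is passed on to `secret_matches?`, whose handling of a nil secret is not visible in this hunk. Rejecting the malformed credential before the database lookup would make the outcome independent of that helper: `authorization_required unless client_id && client_secret`. `Base64.decode64` also skips invalid characters silently; if lenient decoding is not needed for client compatibility, `Base64.strict_decode64` with a rescue of `ArgumentError` that calls `authorization_required` would refuse malformed headers outright. The method's closing `end` lies outside the hunk.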
@@ -387,9 +387,11 @@
authorization_required unless supports_auth_method?(oauth_application, "none")
oauth_application
end
def supports_auth_method?(oauth_application, auth_method)
+ return false unless oauth_application
+
supported_auth_methods = if oauth_application[oauth_applications_token_endpoint_auth_method_column]
oauth_application[oauth_applications_token_endpoint_auth_method_column].split(/ +/)
else
oauth_token_endpoint_auth_methods_supported
end
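Review bot: The new nil guard in `supports_auth_method?` is what turns an unknown `client_id` into an authentication failure for its callers, but nothing in the method says so, and the `client_secret_basic` caller additionally depends on `&&` short-circuiting so that `secret_matches?` never receives a nil application. A comment above the guard would record that contract, for example `# nil means the client lookup found no row; returning false makes every caller answer authorization_required`. A regression test that sends an unregistered client_id through each client authentication method would keep the guard from being dropped in a later refactor. The rest of the method body continues past the end of the hunk.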