From 9e99bc1fcc93a31f2de754e566a4cbf17f7433cc Mon Sep 17 00:00:00 2001 From: Zach McElrath Date: Wed, 28 Sep 2016 08:35:16 -0400 Subject: [PATCH] All OAuth2 access token request body parameters should be URL-encoded as per spec --- src/oauth2.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/oauth2.js b/src/oauth2.js index ea6e1b7..0ef50b0 100644 --- a/src/oauth2.js +++ b/src/oauth2.js @@ -17,7 +17,7 @@ module.exports = function(p, callback) { client_id: p.client_id || p.id, client_secret: p.client_secret, grant_type: 'authorization_code', - redirect_uri: encodeURIComponent(p.redirect_uri) + redirect_uri: p.redirect_uri }; } else if (p.refresh_token) { @@ -40,7 +40,7 @@ module.exports = function(p, callback) { } // Convert the post object literal to a string - post = param(post, function(r) {return r;}); + post = param(post); // Create the request var r = url.parse(grant_url);