Providing HTTP Basic Auth causes mock-oauth2-server to ignore requestMappings

[micolous]

Follow on from #815

Now with a new test script: https://gist.github.com/micolous/e54b84dec86fcc45754c5c429ed834c4

Whenever a client uses HTTP Basic authentication to provide its client_id, claims from the tokenCallbacks[].requestMappings[].claims config option are missing.

Running the above script with --attempt_count 1 --refresh_count 0 --client_id_in_query (which requests tokens with client_id=test) returns custom claims provided in requestMappings[].claims, as expected.

Running the above script with --attempt_count 1 --refresh_count 0 --client_id_in_query --http_basic_auth (which requests tokens with client_id=test and HTTP Basic auth) does not return custom claims provided in requestMappings[].claims.

It also fails for --attempt_count 1 --refresh_count 0 --http_basic_auth (which only uses HTTP Basic auth) – but I don't think there is anyway to set DefaultOAuth2TokenCallback options from JSON.

Authorisation servers MUST support using HTTP Basic authentication per RFC 6749 s2.3.1, and using query parameters to pass the client_id is NOT RECOMMENDED per the same spec.

Environment

Running mock-oauth2-server 2.1.10 in Docker, with this config:

{
  "httpServer": {
    "type": "NettyWrapper",
    "ssl": {
      "keyPassword": "",
      "keystoreFile": "/run/secrets/server_p12",
      "keystoreType": "PKCS12",
      "keystorePassword": ""
    }
  },
  "interactiveLogin": true,
  "tokenCallbacks": [
    {
      "issuerId": "test-issuer",
      "tokenExpiry": 90,
      "requestMappings": [
        {"requestParam": "client_id", "match": "*", "claims": {"customClaim": ["foo"]}}
      ]
    }
  ] 
}

This also is an issue when "match": "test".

[github-actions]

This issue is stale because it has been open for 60 days with no activity.