Skip to content

Password is sent as 'null' instead of an empty string in Authorization header #1251

New issue
New issue
Closed
Closed
Password is sent as 'null' instead of an empty string in Authorization header#1251
Labels
bugFor tagging faulty or unexpected behavior.investigation-neededIndication that the maintainer or involved community members may need to investigate more.
@buchatsky

Description

@buchatsky
buchatsky
opened on Aug 15, 2022

Describe the bug
When AuthConfig.useHttpBasicAuth is set to true and AuthConfig.dummyClientSecret is not specified, the password value in client_id:password pair is 'null' instead of an empty string ''. At least it is so with Authorization code flow.
This causes the browser to popup a login prompt as a result to 401 server response (e.g. OpenIddict does not treat null password as an empty one).

Expected behavior
'client_id:' instead of 'client_id:null'

Additional context
angular-oauth2-oidc: 13.0.1

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugFor tagging faulty or unexpected behavior.investigation-neededIndication that the maintainer or involved community members may need to investigate more.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions