Skip to content

Commit dc30749

Browse files
committed
fix: Use standard Base64 encoding for Basic Auth (RFC 7617)
`urlsafe_encode64` produces URL-safe Base64 (`+` → `-`, `/` → `_`), which is incorrect for HTTP Basic Authentication. Use `strict_encode64` to produce standard Base64 without newlines, as required by RFC 7617.
1 parent 1c18d1e commit dc30749

2 files changed

Lines changed: 5 additions & 5 deletions

File tree

lib/cognito_idp/client.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ def basic_authorization_headers
9999
return if client_secret.nil?
100100

101101
client_id_and_secret = "#{client_id}:#{client_secret}"
102-
{"Authorization" => "Basic #{Base64.urlsafe_encode64(client_id_and_secret)}"}
102+
{"Authorization" => "Basic #{Base64.strict_encode64(client_id_and_secret)}"}
103103
end
104104
end
105105
end

spec/cognito_idp/client_spec.rb

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@
102102
Faraday::Adapter::Test::Stubs.new do |stub|
103103
stub.post("https://auth.example.com/oauth2/token") do |env|
104104
id_and_secret = "#{client_id}:#{client_secret}"
105-
basic_auth = "Basic #{Base64.urlsafe_encode64(id_and_secret)}"
105+
basic_auth = "Basic #{Base64.strict_encode64(id_and_secret)}"
106106
fail "Basic Authorization is missing." unless env.request_headers["Authorization"] == basic_auth
107107
[200, {"Content-Type" => "application/json"}, response_payload.to_json]
108108
end
@@ -204,7 +204,7 @@
204204
Faraday::Adapter::Test::Stubs.new do |stub|
205205
stub.post("https://auth.example.com/oauth2/token", params_matcher) do |env|
206206
id_and_secret = "#{client_id}:#{client_secret}"
207-
basic_auth = "Basic #{Base64.urlsafe_encode64(id_and_secret)}"
207+
basic_auth = "Basic #{Base64.strict_encode64(id_and_secret)}"
208208
fail "Basic Authorization is missing." unless env.request_headers["Authorization"] == basic_auth
209209
[200, {"Content-Type" => "application/json"}, response_payload.to_json]
210210
end
@@ -325,7 +325,7 @@
325325
Faraday::Adapter::Test::Stubs.new do |stub|
326326
stub.post("https://auth.example.com/oauth2/token") do |env|
327327
id_and_secret = "#{client_id}:#{client_secret}"
328-
basic_auth = "Basic #{Base64.urlsafe_encode64(id_and_secret)}"
328+
basic_auth = "Basic #{Base64.strict_encode64(id_and_secret)}"
329329
fail "Basic Authorization is missing." unless env.request_headers["Authorization"] == basic_auth
330330
[200, {"Content-Type" => "application/json"}, response_payload.to_json]
331331
end
@@ -373,7 +373,7 @@
373373
Faraday::Adapter::Test::Stubs.new do |stub|
374374
stub.post("https://auth.example.com/oauth2/token", params_matcher) do |env|
375375
id_and_secret = "#{client_id}:#{client_secret}"
376-
basic_auth = "Basic #{Base64.urlsafe_encode64(id_and_secret)}"
376+
basic_auth = "Basic #{Base64.strict_encode64(id_and_secret)}"
377377
fail "Basic Authorization is missing." unless env.request_headers["Authorization"] == basic_auth
378378
[200, {"Content-Type" => "application/json"}, response_payload.to_json]
379379
end

0 commit comments

Comments
 (0)