OAuth spec's section [1] doesn't mention the rules on how to generate the client ID and secret values. What it says is the values should be URL encoded. In that case, if it has spaces, those would be converted to %20 and replaced the spaces, which should be OK.
So, IMO it's totally up to the developers of the OAuth authorization servers to decide the format of the client ID and secret. May be that's why different OAuth providers support/doesn't support the spaces. [1] https://tools.ietf.org/html/rfc6749#section-2.3.1 On Wed, Dec 20, 2017 at 11:49 AM, Godwin Shrimal <[email protected]> wrote: > Hi Isuru, > > AFAIK we don't want to allow spaces for ClientID and Secret since OAuth > ClientID and Secret cannot have spaces. @Fara: Please confirm. > > Thanks > Godwin > > > On Wed, Dec 20, 2017 at 8:29 PM, Isuru Uyanage <[email protected]> wrote: > >> Hi All, >> >> When configuring external IDPs through connectors, we have client secret >> and client ID. Some connectors like Facebook, Pinterest allows space >> character in the client ID and service provider login is successful. >> >> Basecamp, Google, LinkedIn, MailChimp and etc connectors do not allow >> spaces in the Client ID nor did in the Client Secret. >> >> Amazon does not allow spaces in the Client ID but it allows spaces in the >> Client Secret. >> >> I want to clarify how it really should be. Shouldn't any of connectors >> allow the space in the Client ID and Client secret? >> >> Any feedback would be appreciated. >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> > > > -- > *Godwin Amila Shrimal* > Associate Technical Lead > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94772264165* > linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ > <https://www.linkedin.com/in/godwin-amila-2ba26844/>* > twitter: https://twitter.com/godwinamila > <http://wso2.com/signature> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Tharindu Edirisinghe Senior Software Engineer | WSO2 Inc Platform Security Team Blog : http://tharindue.blogspot.com mobile : +94 775181586
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
