Hello Hackers, While working on an OAuth validator for PG18 I noticed that currently the client code doesn't work when using Google as the OAuth provider. It requires two small changes:
* The device code request only includes the OAuth Client ID in the request body if the user doesn't specify a client secret (if the secret is specified, the client ID is only sent as part of the basic auth header), but Google OAuth always expects it in the body * The wait loop for the authorization only expects HTTP 400 and 401, but the Google endpoint responds with HTTP 428 (Precondition required) Both issues are testable/verifiable without a properly working validator, as they happen on the client side, before invoking the validator logic. I attached a small patch which fixes both.
google_oidc.patch
Description: Binary data
