allow specifying auth style (#51233)

3 years ago · 31e8e17d2f
parent d429cac27b
commit 31e8e17d2f
3 changed files with 16 additions and 1 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -576,6 +576,7 @@ tls_client_cert =
 tls_client_key =
 tls_client_ca =
 use_pkce = false
+auth_style = 

 #################################### Basic Auth ##########################
 [auth.basic]
--- a/conf/sample.ini
+++ b/conf/sample.ini
@ -563,6 +563,7 @@
 ;tls_client_key =
 ;tls_client_ca =
 ;use_pkce = false
+;auth_style =

 #################################### Basic Auth ##########################
 [auth.basic]
--- a/pkg/login/social/social.go
+++ b/pkg/login/social/social.go
@ -105,13 +105,26 @@ func ProvideService(cfg *setting.Cfg) *SocialService {

 		ss.oAuthProvider[name] = info

+		var authStyle oauth2.AuthStyle
+		switch strings.ToLower(sec.Key("auth_style").String()) {
+		case "inparams":
+			authStyle = oauth2.AuthStyleInParams
+		case "inheader":
+			authStyle = oauth2.AuthStyleInHeader
+		case "autodetect", "":
+			authStyle = oauth2.AuthStyleAutoDetect
+		default:
+			logger.Warn("Invalid auth style specified, defaulting to auth style AutoDetect", "auth_style", sec.Key("auth_style").String())
+			authStyle = oauth2.AuthStyleAutoDetect
+		}
+
 		config := oauth2.Config{
 			ClientID:     info.ClientId,
 			ClientSecret: info.ClientSecret,
 			Endpoint: oauth2.Endpoint{
 				AuthURL:   info.AuthUrl,
 				TokenURL:  info.TokenUrl,
-				AuthStyle: oauth2.AuthStyleAutoDetect,
+				AuthStyle: authStyle,
 			},
 			RedirectURL: strings.TrimSuffix(cfg.AppURL, "/") + SocialBaseUrl + name,
 			Scopes:      info.Scopes,