Allow Multipart form POSTs to include access tokens #10553
Conversation
As part of changes in 6db58cb, we modified the logic for whether an access token could be sent as a parameter in a request's body. However, this doesn't account for Multipart POSTs, for instance where an image and an access token may be provided together. This isn't called out as an option for RFC 6750, but is being used in practice, so we should aim to support it.
spring-projects-issues
added
the
status: waiting-for-triage
marcusdacoregio
added
in: oauth2
|
Hi @jamietanna, thanks for your interest in the project! Unfortunately, I don't know much about the Micropub standard or the community behind that document, but my understanding is that it is not an internet standards track document, correct? Unfortunately, this PR seems to regress issue gh-10326, which specifically aligned us with RFC 6750 to avoid issues with multipart form uploads. If support for multipart form uploads is required in your case, I think it would be fairly reasonable to provide your own |
sjohnr
added
the
status: waiting-for-feedback
|
Hey @sjohnr! It's been a W3 Recommended standard, but agreed it's not super widely used. I think that's a very fair point, and I thought I'd raise this PR just to see what your thoughts were - I agree that a custom |
|
Thanks @jamietanna for the follow up and understanding! |
sjohnr
added
status: declined
As part of changes in 6db58cb, we
modified the logic for whether an access token could be sent as a
parameter in a request's body.
However, this doesn't account for Multipart POSTs, for instance where an
image and an access token may be provided together.
This isn't called out as an option for RFC 6750, but is being used in
practice, so we should aim to support it.
In use i.e. by the Micropub standard