-
Notifications
You must be signed in to change notification settings - Fork 278
Home
Thanh-Nhon NGUYEN edited this page Feb 5, 2020
·
11 revisions
Most frequently you'll need to set oauth2.authConfig.secretInBody = true
(or use secret_in_body
in your settings dict) because the server expects the client secret in the request body, not the Authorization header.
This goes for Github, Instagram, Pinterest, Medium, Strava and others.
Also check out these:
-
Azure (additional
resource
parameter) - BitBucket (avoid session cookie)
-
Dropbox (400 if no
Authorization
header) - Facebook (URL-query-style response, not JSON)
- GitHub (client-id/secret in body)
- Facebook, Instagram, Bitly, Pinterest, Twitch, ... (no token type received)
- LinkedIn (additional header)
- Reddit (refresh token parameter)
- Uber (avoid cached responses)