fix: use correct content type for token request

openfga · Feb 9, 2024 · 003d525 · 003d525
1 parent 2fefac1
commit 003d525
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 18 deletions.
diff --git a/src/OpenFga.Sdk.Test/Api/OpenFgaApiTests.cs b/src/OpenFga.Sdk.Test/Api/OpenFgaApiTests.cs
@@ -304,7 +304,8 @@ public async Task ExchangeCredentialsTest() {
                     "SendAsync",
                     ItExpr.Is<HttpRequestMessage>(req =>
                         req.RequestUri == new Uri($"https://{config.Credentials.Config.ApiTokenIssuer}/oauth/token") &&
-                        req.Method == HttpMethod.Post),
+                        req.Method == HttpMethod.Post &&
+                        req.Content.Headers.ContentType.ToString().Equals("application/x-www-form-urlencoded")),
                     ItExpr.IsAny<CancellationToken>()
                 )
                 .ReturnsAsync(new HttpResponseMessage() {
@@ -358,7 +359,8 @@ public async Task ExchangeCredentialsTest() {
                 Times.Exactly(1),
                 ItExpr.Is<HttpRequestMessage>(req =>
                     req.RequestUri == new Uri($"https://{config.Credentials.Config.ApiTokenIssuer}/oauth/token") &&
-                    req.Method == HttpMethod.Post),
+                    req.Method == HttpMethod.Post &&
+                    req.Content.Headers.ContentType.ToString().Equals("application/x-www-form-urlencoded")),
                 ItExpr.IsAny<CancellationToken>()
             );
             mockHandler.Protected().Verify(
@@ -401,7 +403,8 @@ public async Task ExchangeCredentialsAfterExpiryTest() {
                     "SendAsync",
                     ItExpr.Is<HttpRequestMessage>(req =>
                         req.RequestUri == new Uri($"https://{config.Credentials.Config.ApiTokenIssuer}/oauth/token") &&
-                        req.Method == HttpMethod.Post),
+                        req.Method == HttpMethod.Post &&
+                        req.Content.Headers.ContentType.ToString().Equals("application/x-www-form-urlencoded")),
                     ItExpr.IsAny<CancellationToken>()
                 )
                 .ReturnsAsync(new HttpResponseMessage() {
@@ -455,7 +458,8 @@ public async Task ExchangeCredentialsAfterExpiryTest() {
                 Times.Exactly(2),
                 ItExpr.Is<HttpRequestMessage>(req =>
                     req.RequestUri == new Uri($"https://{config.Credentials.Config.ApiTokenIssuer}/oauth/token") &&
-                    req.Method == HttpMethod.Post),
+                    req.Method == HttpMethod.Post &&
+                    req.Content.Headers.ContentType.ToString().Equals("application/x-www-form-urlencoded")),
                 ItExpr.IsAny<CancellationToken>()
             );
             mockHandler.Protected().Verify(

diff --git a/src/OpenFga.Sdk/ApiClient/OAuth2Client.cs b/src/OpenFga.Sdk/ApiClient/OAuth2Client.cs
@@ -28,13 +28,6 @@ private const int
 
     private static readonly Random _random = new();
 
-    private class AuthRequestBody {
-        [JsonPropertyName("audience")] public string? Audience { get; set; }
-        [JsonPropertyName("client_id")] public string? ClientId { get; set; }
-        [JsonPropertyName("client_secret")] public string? ClientSecret { get; set; }
-        [JsonPropertyName("grant_type")] public string? GrantType { get; set; }
-    }
-
     /// <summary>
     /// Credentials Flow Response
     ///
@@ -78,7 +71,7 @@ public bool IsValid() {
 
     private readonly BaseClient _httpClient;
     private AuthToken _authToken = new();
-    private AuthRequestBody _authRequest { get; set; }
+    private IDictionary<string, string> _authRequest { get; set; }
     private string _apiTokenIssuer { get; set; }
 
     #endregion
@@ -102,11 +95,11 @@ public OAuth2Client(Credentials credentialsConfig, BaseClient httpClient) {
 
         this._httpClient = httpClient;
         this._apiTokenIssuer = credentialsConfig.Config.ApiTokenIssuer;
-        this._authRequest = new AuthRequestBody() {
-            ClientId = credentialsConfig.Config.ClientId,
-            ClientSecret = credentialsConfig.Config.ClientSecret,
-            Audience = credentialsConfig.Config.ApiAudience,
-            GrantType = "client_credentials"
+        this._authRequest = new Dictionary<string, string>() {
+            { "client_id", credentialsConfig.Config.ClientId },
+            { "client_secret", credentialsConfig.Config.ClientSecret },
+            { "audience", credentialsConfig.Config.ApiAudience },
+            { "grant_type", "client_credentials" }
         };
     }
 
@@ -120,7 +113,7 @@ private async Task ExchangeTokenAsync(CancellationToken cancellationToken = defa
             Method = HttpMethod.Post,
             BasePath = $"https://{this._apiTokenIssuer}",
             PathTemplate = "/oauth/token",
-            Body = Utils.CreateJsonStringContent(this._authRequest)
+            Body = Utils.CreateFormEncodedConent(this._authRequest),
         };
 
         var accessTokenResponse = await _httpClient.SendRequestAsync<AccessTokenResponse>(

diff --git a/src/OpenFga.Sdk/ApiClient/Utils.cs b/src/OpenFga.Sdk/ApiClient/Utils.cs
@@ -26,6 +26,11 @@ public static HttpContent CreateJsonStringContent<T>(T body) {
         return new StringContent(json, Encoding.UTF8, "application/json");
     }
 
+    public static HttpContent CreateFormEncodedConent(IDictionary<string, string> parameters) {
+        return new FormUrlEncodedContent(parameters.Select(p =>
+            new KeyValuePair<string, string>(p.Key, p.Value ?? "")));
+    }
+
     public static string BuildQueryParams(IDictionary<string, string> parameters) {
         var query = "";
         foreach (var parameter in parameters) {