-
Notifications
You must be signed in to change notification settings - Fork 283
Home
Thanh-Nhon NGUYEN edited this page Feb 5, 2020
·
11 revisions
Most frequently you'll need to set oauth2.authConfig.secretInBody = true (or use secret_in_body in your settings dict) because the server expects the client secret in the request body, not the Authorization header.
This goes for Github, Instagram, Pinterest, Medium, Strava and others.
Also check out these:
-
Azure (additional
resourceparameter) - BitBucket (avoid session cookie)
-
Dropbox (400 if no
Authorizationheader) - Facebook (URL-query-style response, not JSON)
- GitHub (client-id/secret in body)
- Facebook, Instagram, Bitly, Pinterest, Twitch, ... (no token type received)
- LinkedIn (additional header)
- Reddit (refresh token parameter)
- Uber (avoid cached responses)