fix #129 Setting token in query params and Authorization header violates spec

2013-03-05 04:04:00 -03:00
parent ba81ad43bd
commit 798157c185
2 changed files with 13 additions and 2 deletions
--- a/lib/oauth2.js
+++ b/lib/oauth2.js
@ -67,7 +67,7 @@ exports.OAuth2.prototype._request= function(method, url, headers, post_body, acc
  realHeaders['Host']= parsedUrl.host;

  realHeaders['Content-Length']= post_body ? Buffer.byteLength(post_body) : 0;
-  if( access_token ) {
+  if( access_token && !('Authorization' in headers)) {
    if( ! parsedUrl.query ) parsedUrl.query= {};
    parsedUrl.query[this._accessTokenName]= access_token;
  }