Skip to content

fix: refresh token flow uses x-www-form encoding #1135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
marceljk merged 1 commit into from
Dec 1, 2025
Merged

fix: refresh token flow uses x-www-form encoding #1135

marceljk merged 1 commit into from
Dec 1, 2025

Conversation

@JorTurFer
Copy link
Contributor

@JorTurFer JorTurFer commented Nov 28, 2025

Description

We have seen that during refresh_token grant type, the parameters are sent in query string and are logged by our monitoring systems. For token requests (specially over internet) x-www-form encoding should be used and currently it's used for code grant type too.

This PR updates the refresh_token grant type to use x-www-form

Checklist

  • Code format was applied: make fmt
  • Examples were added / adjusted (see e.g. here)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

@JorTurFer JorTurFer requested a review from a team as a code owner November 28, 2025 15:45
@JorTurFer @marceljk
fix: refresh token flow uses x-www-form encoding
218e916 
Signed-off-by: Jorge Turrado <jorge.turrado@mail.schwarz>
@marceljk marceljk enabled auto-merge (squash) December 1, 2025 15:44
@marceljk marceljk merged commit f352d44 into stackitcloud:main Dec 1, 2025
5 checks passed
@JorTurFer JorTurFer deleted the fix-refresh-token branch December 1, 2025 16:10
cgoetz-inovex pushed a commit that referenced this pull request Dec 2, 2025
@JorTurFer @cgoetz-inovex
fix: refresh token flow uses x-www-form encoding (#1135)
2b014bc
cgoetz-inovex added a commit that referenced this pull request Jan 27, 2026
@cgoetz-inovex @rubenhoenle
@dependabot @marceljk @stackit-pipeline @PietvanderMeulen @JorTurFer
feat(cdn): add cdn client, config, list command (#1100)
d65f218 
* feat(cdn): add cdn client, config, list command

* fix(cdn): generate docs

* fix(cdn) fix linting issues

* Update internal/cmd/beta/cdn/distribution/list/list.go

Co-authored-by: Ruben Hönle <Ruben.Hoenle@stackit.cloud>

* Update internal/cmd/beta/cdn/distribution/list/list.go

Co-authored-by: Ruben Hönle <Ruben.Hoenle@stackit.cloud>

* fix(cdn): rename sortBy params, use EnumSliceToStringSlice

* fix(cdn): make `testNextPageID`, `testID` and `testStatus` constant

* fix(cdn): add cdn subcommand to beta, generate docs

* feat(cdn) add limit flag to distribution list

* feat(cdn): add distribution create cmd

* fix(cdn): generate distribution create docs

* squash this

* feat(cdn) implement cdn distribution create/delete/describe/update

* squash

* squash

* fix(cdn) regenerate docs

* fix(cdn) linting issues

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/secretsmanager (#1112)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/serverbackup (#1111)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/ske (#1110)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/serverupdate (#1109)

* chore(deps): bump renovatebot/github-action from 44.0.3 to 44.0.4 (#1113)

* feat(kms) describe key, keyring, wrappingkey (#1107)

* feat(kms) describe key, keyring, wrappingkey

* fix(kms): do not reuse buffer during output tests

* fix(kms) use constant Time for TestOutputResult for constant table widths

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/rabbitmq (#1118)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/alb (#1117)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/mongodbflex (#1116)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/serviceaccount (#1115)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/serviceenablement (#1123)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/dns (#1122)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/iaas (#1121)

* fix(alb): print valid JSON/YAML output for list cmds (#1045)

relates to STACKITCLI-273 / #893

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/mariadb (#1129)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/redis (#1128)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/runcommand (#1127)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/authorization (#1120)

* chore: increase linter timeout (#1131)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/intake (#1132)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/loadbalancer (#1133)

* fix: log browser url to stderr instead of stdout (#1136)

fixes #1125

* fix(deps): update module github.com/goccy/go-yaml to v1.19.0 (#1137)

* feat(mongodbflex): add readAnyDatabase and stackitAdmin roles for users (#1049)

Co-authored-by: Ruben Hoenle <Ruben.Hoenle@stackit.cloud>

* fix: refresh token flow uses x-www-form encoding (#1135)

* chore(deps): update renovatebot/github-action action to v44.0.5 (#1141)

* chore(deps): bump github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex (#1139)

* feat(cdn): add cdn client, config, list command

* feat(cdn) implement cdn distribution create/delete/describe/update

* fix(cdn) manual merge fixes

* fix(cdn) review fixes

- test Min
- test JoinStringMap
- rm superfluous var for constant
- rm file committed by accident
- add nil checks when dereferencing pointers

* fix(cdn) replace utils.Min usage with builtin min

* Update internal/cmd/beta/cdn/distribution/list/list.go

Co-authored-by: Ruben Hönle <Ruben.Hoenle@stackit.cloud>

* fix(cdn) apply review comments

- replace single char names with more descriptive ones
- remove predefined mod functions
- deduplicate ParseOriginRequestHeaders and test it
- deduplicate ParseGeofencing and test it
- add test FlagTo* funcs

* fix(cdn) fix merge errors

* fix(cdn) more merge errors, and single char renames

* fix(cdn) JoinStringMap: define order

* fix(cdn) define geofencing order

* fix(cdn) review changes

- fix `ID` spelling
- add missing new line at end of output
- rm TODO comment

* feat(printer) make PromptForPassword scripting compatible

* fix(cdn) add example to pass password in script

* fix(docs) generate docs

* fix(printer) make TestPromptForPassword compatible with older go versions

* fix(printer) fix/ignore linting issues

* fix(cdn) adjust list TestOutputResult expected to new printer changes

* fix(cdn) rm superfluous model.AssumeYes checks

* fix(fmt) run fmt

---------

Co-authored-by: Ruben Hönle <Ruben.Hoenle@stackit.cloud>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marcel Jacek <72880145+marceljk@users.noreply.github.com>
Co-authored-by: stackit-pipeline <142982727+stackit-pipeline@users.noreply.github.com>
Co-authored-by: Piet van der Meulen <piet.van.der.meulen@freiheit.com>
Co-authored-by: Jorge Turrado Ferrero <jorge.turrado@mail.schwarz>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marceljk marceljk marceljk approved these changes

@cgoetz-inovex cgoetz-inovex cgoetz-inovex approved these changes

Assignees

No one assigned

Labels

waiting-for-2nd-review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JorTurFer @marceljk @cgoetz-inovex