From ea34da50e48e5bab04e98d166434d4b9fc94a5bb Mon Sep 17 00:00:00 2001
From: Fabian Stamm <dev@fabianstamm.de>
Date: Thu, 14 Mar 2019 17:50:59 +0000
Subject: [PATCH] Adding support for client auth in authorization header

---
 src/api/middlewares/client.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/api/middlewares/client.ts b/src/api/middlewares/client.ts
index 8b50710..0882720 100644
--- a/src/api/middlewares/client.ts
+++ b/src/api/middlewares/client.ts
@@ -11,6 +11,17 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
       try {
          let client_id = req.query.client_id || req.body.client_id;
          let client_secret = req.query.client_secret || req.body.client_secret;
+                                                               
+         if(!client_id && !client_secret && req.query.headers.authorization) {
+            let header = req.query.headers.authorization;
+            let [type, val] = header.split(" ");
+            if(val) {
+               let str = Buffer.from(val, "base64").toString("utf-8");
+               let [id, secret] = str.split(":");
+               client_id = id;
+               client_secret = secret;
+            }
+         }
 
          if (!client_id || (!client_secret && checksecret)) {
             throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST);