Home

Site-Specific Peculiarities

Most frequently you'll need to set oauth2.authConfig.secretInBody = true (or use secret_in_body in your settings dict) because the server expects the client secret in the request body, not the Authorization header. This goes for Github, Instagram, Pinterest, Medium, Strava and others.

Also check out these:

Azure (additional resource parameter)
BitBucket (avoid session cookie)
Dropbox (400 if no Authorization header)
Facebook (URL-query-style response, not JSON)
GitHub (client-id/secret in body)
Google
Instagram, Bitly, Pinterest, Twitch, ... (no token type received)
LinkedIn (additional header)
Reddit (refresh token parameter)
Uber (avoid cached responses)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Home

Site-Specific Peculiarities

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally