ueberauth · cgorshing · Feb 11, 2018 · Feb 11, 2018
diff --git a/lib/oauth2/response.ex b/lib/oauth2/response.ex
@@ -29,7 +29,9 @@ defmodule OAuth2.Response do
   @doc false
   def new(code, headers, body) do
     headers = process_headers(headers)
-    body = decode_response_body(body, content_type(headers))
+
+    body = decode_response_body(body, content_encoding(headers))
+    body = parse_response_body(body, content_type(headers))
     resp = %__MODULE__{status_code: code, headers: headers, body: body}
 
     if Application.get_env(:oauth2, :debug) do
@@ -43,16 +45,20 @@ defmodule OAuth2.Response do
     Enum.map(headers, fn {k, v} -> {String.downcase(k), v} end)
   end
 
-  defp decode_response_body("", _type), do: ""
-  defp decode_response_body(" ", _type), do: ""
+  defp decode_response_body(body, "gzip"), do: :zlib.gunzip(body)
+  defp decode_response_body(body, "x-gzip"), do: :zlib.gunzip(body)
+  defp decode_response_body(body, _encoding), do: body
+
+  defp parse_response_body("", _type), do: ""
+  defp parse_response_body(" ", _type), do: ""
   # Facebook sends text/plain tokens!?
-  defp decode_response_body(body, "text/plain") do
+  defp parse_response_body(body, "text/plain") do
     case URI.decode_query(body) do
       %{"access_token" => _} = token -> token
       _ -> body
     end
   end
-  defp decode_response_body(body, "application/x-www-form-urlencoded"),
+  defp parse_response_body(body, "application/x-www-form-urlencoded"),
     do: URI.decode_query(body)
-  defp decode_response_body(body, type), do: Serializer.decode!(body, type)
+  defp parse_response_body(body, type), do: Serializer.decode!(body, type)
 end
diff --git a/lib/oauth2/util.ex b/lib/oauth2/util.ex
@@ -6,6 +6,14 @@ defmodule OAuth2.Util do
     (mega * 1_000_000) + sec
   end
 
+  def content_encoding(headers) do
+    case get_content_encoding(headers) do
+      {_, content_encoding} ->
+        content_encoding
+      nil -> ""
+    end
+  end
+
   def content_type(headers) do
     case get_content_type(headers) do
       {_, content_type} ->
@@ -31,6 +39,10 @@ defmodule OAuth2.Util do
     end
   end
 
+  defp get_content_encoding(headers) do
+    List.keyfind(headers, "content-encoding", 0)
+  end
+
   defp get_content_type(headers) do
     List.keyfind(headers, "content-type", 0)
   end

diff --git a/test/oauth2/access_token_test.exs b/test/oauth2/access_token_test.exs
@@ -54,4 +54,23 @@ defmodule OAuth2.AccessTokenTest do
     assert AccessToken.expires_at("3600") == unix_now() + 3600
   end
 
+  test "no content-encoding" do
+    response = Response.new(200, [{"content-type", "text/plain"}], "Testing")
+    assert response.body == "Testing"
+  end
+
+  test "gzip content-encoding" do
+    response = Response.new(200, [{"content-type", "text/plain"}, {"content-encoding", "gzip"}], :zlib.gzip("Testing"))
+    assert response.body == "Testing"
+  end
+
+  test "x-gzip content-encoding" do
+    response = Response.new(200, [{"content-type", "text/plain"}, {"content-encoding", "x-gzip"}], :zlib.gzip("Testing"))
+    assert response.body == "Testing"
+  end
+
+  test "unknown content-encoding" do
+    response = Response.new(200, [{"content-type", "text/plain"}, {"content-encoding", "x-unknown"}], "Testing")
+    assert response.body == "Testing"
+  end
 end