From 61135539af633ec6b7f44b3e7858b6213bdb5f6c Mon Sep 17 00:00:00 2001
From: Anthony Simmon
Date: Thu, 27 Jun 2024 11:19:23 -0400
Subject: [PATCH] Update docs and usage in tests
---
 README.md | 4 ++--
 .../ClientCredentialsTokenHttpMessageHandlerTests.cs | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 42b606a..ae4107b 100644
--- a/README.md
+++ b/README.md
@@ -83,8 +83,8 @@ services.AddOptions("MyClient").Bind(configuration.Get
 services.AddHttpClient().AddClientCredentialsHandler( /* [...] */);
 ```
-Note on `EnforceHttps`.
-It is possible to allow http authenticated requests, however, this should be limited to exceptional scenarios.
+Note on `EnforceHttps`, which is disabled by default.
+It is possible to allow http authenticated requests, however, this should be limited to specific scenarios, such as intra-cluster communication.
 It is strongly advised that you always use https for authenticated requests transmitted as the token sent will be in clear.
 Then, instantiate the `HttpClient` later on using `IHttpClientFactory` or directly inject it in the constructor if you used the generic registration:
diff --git a/src/Workleap.Authentication.ClientCredentialsGrant.Tests/ClientCredentialsTokenHttpMessageHandlerTests.cs b/src/Workleap.Authentication.ClientCredentialsGrant.Tests/ClientCredentialsTokenHttpMessageHandlerTests.cs
index f9755b3..096396b 100644
--- a/src/Workleap.Authentication.ClientCredentialsGrant.Tests/ClientCredentialsTokenHttpMessageHandlerTests.cs
+++ b/src/Workleap.Authentication.ClientCredentialsGrant.Tests/ClientCredentialsTokenHttpMessageHandlerTests.cs
@@ -54,7 +54,6 @@ public async Task Throws_ClientCredentialsException_When_Http_By_Default()
 [Fact]
 public async Task SendAsync_When_EnforceHttps_False_For_Http_Requests()
 {
- this._options.EnforceHttps = false;
 this._mockPrimaryHttpMessageHandler.ExpectedHttpResponseMessages = new[]
 {
 new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("Access granted on first try") },