commit 36ff901f7b5bce4fa4f23b4e0e02ab9a70ebf3ec
author Andrew Etter <andrew.etter@gmail.com> Sun May 10 16:33:37 2015 -0400
committer Burcu Dogan <jbd@google.com> Tue May 26 02:24:55 2015 +0000
tree 92ab7b0900bcf0344df657fa2db866a41c7c497c
parent f98d0160877ab4712b906626425ed8b0b320907c

oauth2: ensure case sensitivity for Bearer, MAC, and Basic in auth header

Fixes #113

Change-Id: Id2ba98809a536f1dc1fab5b30c49aeedd2fe4125
Reviewed-on: https://go-review.googlesource.com/9852
Reviewed-by: Burcu Dogan <jbd@google.com>

token.go

diff --git a/token.go b/token.go
index 252cfc7..ebbdddb 100644
--- a/token.go
+++ b/token.go
@@ -7,6 +7,7 @@
 import (
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"golang.org/x/net/context"
@@ -53,6 +54,15 @@
 
 // Type returns t.TokenType if non-empty, else "Bearer".
 func (t *Token) Type() string {
+	if strings.EqualFold(t.TokenType, "bearer") {
+		return "Bearer"
+	}
+	if strings.EqualFold(t.TokenType, "mac") {
+		return "MAC"
+	}
+	if strings.EqualFold(t.TokenType, "basic") {
+		return "Basic"
+	}
 	if t.TokenType != "" {
 		return t.TokenType
 	}

transport_test.go

diff --git a/transport_test.go b/transport_test.go
index efb8232..35cb25e 100644
--- a/transport_test.go
+++ b/transport_test.go
@@ -32,6 +32,39 @@
 	client.Get(server.URL)
 }
 
+// Test for case-sensitive token types, per https://github.com/golang/oauth2/issues/113
+func TestTransportTokenSourceTypes(t *testing.T) {
+	const val = "abc"
+	tests := []struct {
+		key  string
+		val  string
+		want string
+	}{
+		{key: "bearer", val: val, want: "Bearer abc"},
+		{key: "mac", val: val, want: "MAC abc"},
+		{key: "basic", val: val, want: "Basic abc"},
+	}
+	for _, tc := range tests {
+		ts := &tokenSource{
+			token: &Token{
+				AccessToken: tc.val,
+				TokenType:   tc.key,
+			},
+		}
+		tr := &Transport{
+			Source: ts,
+		}
+		server := newMockServer(func(w http.ResponseWriter, r *http.Request) {
+			if got, want := r.Header.Get("Authorization"), tc.want; got != want {
+				t.Errorf("Authorization header (%q) = %q; want %q", val, got, want)
+			}
+		})
+		defer server.Close()
+		client := http.Client{Transport: tr}
+		client.Get(server.URL)
+	}
+}
+
 func TestTokenValidNoAccessToken(t *testing.T) {
 	token := &Token{}
 	if token.Valid() {