# HG changeset patch # User Kim Alvefur # Date 1775682733 -7200 # Node ID 3b69df385f66b68b06119cebc6ca1f80e80edc6e # Parent ff55e93be4497652e47ead8341b592d4c8a2502b mod_http_oauth2: Normalize the password in the password grant Otherwise entering passwords in non-normal form might lead to authentication failures. diff -r ff55e93be449 -r 3b69df385f66 mod_http_oauth2/mod_http_oauth2.lua --- a/mod_http_oauth2/mod_http_oauth2.lua Wed Apr 08 23:08:39 2026 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Apr 08 23:12:13 2026 +0200 @@ -465,6 +465,10 @@ if not request_password then return oauth_error("invalid_request", "missing 'password'"); end + request_password = encodings.stringprep.saslprep(request_password); + if not request_password then + return oauth_error("invalid_request", "invalid 'password'"); + end local auth_event = { session = {