Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello !
How can I use an OAuth2 stream if the provider doesn't follow RFC standards?
For my example, Epic Games doesn't accept url encoded Authorization Header, so implementation via Ory Kratos/OAuth2/HTTP package/Method SetBasicAuth is not possible.
Any ideas?
<@U011D3UQKNY> or <@U010F2N7G2X> have you seen this before?

Hello <@U04STM7V94Z>

Is this the correct documentation <https://dev.epicgames.com/docs/web-api-ref/connect-web-api> ?

Yes this the correct documentation and they don't speak to url encode the contatenatation of `client_id:client_secret`  like Go HTTP package needed : <https://cs.opensource.google/go/go/+/refs/tags/go1.21.3:src/net/http/request.go;l=987>

This line from OAuth2 for Go is the problem, because it encodes the client's identifier and secret <https://github.com/golang/oauth2/blob/master/internal/token.go#L199>
I will try a PR to add a bool to allow non url encode data