fix: fetch the clientId/secret from the auth header if present

src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java

@@ -45,6 +45,7 @@
 import io.supertokens.session.jwt.JWT.JWTException;
 import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.useridmapping.UserIdType;
+import io.supertokens.utils.Utils;
 import io.supertokens.webserver.InputParser;
 import io.supertokens.webserver.WebserverAPI;
 import jakarta.servlet.ServletException;
@@ -99,7 +100,14 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
             formFields.put(entry.getKey(), entry.getValue().getAsString());
         }
 
-        String clientId = formFields.get("client_id");
+        String clientId;
+
+        if (authorizationHeader != null) {
+            String[] parsedHeader = Utils.convertFromBase64(authorizationHeader.replaceFirst("^Basic ", "").trim()).split(":");
+            clientId = parsedHeader[0];
+        } else {
+            clientId = InputParser.parseStringOrThrowError(input, formFields.get("client_id"), false);
+        }
 
         try {
             AppIdentifier appIdentifier = getAppIdentifier(req);
@@ -158,7 +166,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
                 main, req, resp,
                 getAppIdentifier(req),
                 enforcePublicTenantAndGetPublicTenantStorage(req),
-                formFields.get("client_id"), // clientIdToCheck
+                clientId, // clientIdToCheck
                 "/oauth2/token", // proxyPath
                 false, // proxyToAdmin
                 false, // camelToSnakeCaseConversion

src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokenAPI.java

@@ -20,6 +20,7 @@
 import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
 import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.utils.Utils;
 import io.supertokens.webserver.InputParser;
 import io.supertokens.webserver.WebserverAPI;
 import jakarta.servlet.ServletException;
@@ -84,11 +85,21 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
                 }
 
                 // revoking refresh token
-                String clientId = InputParser.parseStringOrThrowError(input, "client_id", false);
-                String clientSecret = InputParser.parseStringOrThrowError(input, "client_secret", true);
+
+                String clientId, clientSecret;
 
                 String authorizationHeader = InputParser.parseStringOrThrowError(input, "authorizationHeader", true);
 
+                if (authorizationHeader != null) {
+                    String[] parsedHeader = Utils.convertFromBase64(authorizationHeader.replaceFirst("^Basic ", "").trim()).split(":");
+                    clientId = parsedHeader[0];
+                    clientSecret = parsedHeader[1];
+                } else {
+                    clientId = InputParser.parseStringOrThrowError(input, "client_id", false);
+                    clientSecret = InputParser.parseStringOrThrowError(input, "client_secret", true);
+                }
+
+
                 Map<String, String> headers = new HashMap<>();
                 if (authorizationHeader != null) {
                     headers.put("Authorization", authorizationHeader);