403 vs 400 difference in golang client 1.20 and 1.21 for API usage on openidconnect/v1/tokenservice
The following code is a stripped-down version to show that a Golang client with a version of 1.21.x gets a 403, but a 1.20.x client gets a 400. I am not passing in a client id/secret, but if I did it would return success in 1.20 but will always return a 403 in 1.21.
<body>
<h1>Error 403 Forbidden</h1>
<p>Forbidden</p>
<h3>Error 54113[Removed. Phone #s not permitted]t;/p>
<hr>
<p>Varnish cache server</p>
</body>
The code example is:
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/url"
)

func main() {
	tokenURL := url.URL{
		Scheme:   "https",
		Host:     "www.paypal.com",
		Path:     "/webapps/auth/protocol/openidconnect/v1/tokenservice",
		RawQuery: "grant_type=authorization_code",
	}
	// The form body repeats the query string (grant_type=authorization_code).
	values := tokenURL.Query()
	requestBody := bytes.NewBufferString(values.Encode())
	req, err := http.NewRequest("POST", tokenURL.String(), requestBody)
	if err != nil {
		fmt.Printf("failed to build request: %v\n", err)
		return
	}
	// this line will downgrade to http1 and return a 400
	// (uncommenting it also requires importing "crypto/tls")
	//http.DefaultClient.Transport = &http.Transport{TLSClientConfig: &tls.Config{}}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		fmt.Printf("got an error: %v\n", err)
	} else {
		defer resp.Body.Close()
		fmt.Printf("no error. status: %v\n", resp.StatusCode)
		bodyBytes, err := io.ReadAll(resp.Body)
		if err != nil {
			fmt.Printf("failed to read body: %v\n", err)
		}
		fmt.Printf("body: \n%s\n", bodyBytes)
	}
}
I have a bunch of trace data with which I can answer various questions about the differences I am seeing between version 1.20.x and 1.21.x, but wanted to start the question simply to see if others have run into a similar issue.
Thank you,
Robert
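The commented-out line in the post works because net/http does not enable HTTP/2 on a Transport that carries a custom TLSClientConfig unless ForceAttemptHTTP2 is set. The following is an added example, not the poster's code: it records the protocol each transport actually negotiates, so that a 1.20 versus 1.21 comparison is made like for like. It runs against a local httptest server (a constructed target, not a PayPal host), and the names result, probe and compare are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type result struct{ Proto, ALPN string }

// probe sends one GET through rt and reports the response protocol and ALPN value.
func probe(rt http.RoundTripper, target string) (result, error) {
	resp, err := (&http.Client{Transport: rt}).Get(target)
	if err != nil {
		return result{}, err
	}
	defer resp.Body.Close()
	r := result{Proto: resp.Proto}
	if resp.TLS != nil {
		r.ALPN = resp.TLS.NegotiatedProtocol
	}
	return r, nil
}

// compare probes a local HTTP/2-capable TLS test server (constructed target)
// with two transports that differ only in ForceAttemptHTTP2.
func compare() (map[string]result, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {}))
	srv.EnableHTTP2 = true
	srv.StartTLS()
	defer srv.Close()
	roots := srv.Client().Transport.(*http.Transport).TLSClientConfig.RootCAs
	out := map[string]result{}
	for name, force := range map[string]bool{"custom-tls": false, "custom-tls+force-h2": true} {
		tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}, ForceAttemptHTTP2: force}
		r, err := probe(tr, srv.URL)
		tr.CloseIdleConnections()
		if err != nil {
			return nil, err
		}
		out[name] = r
	}
	return out, nil
}

func main() {
	fmt.Println(compare())
}
```

Logging resp.Proto next to the status code in the original reproduction shows whether a 400 and a 403 were returned over the same protocol version.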
A little more information - if I change the script above from www.paypal.com to ipynb.paypal.com or api.paypal.com or even www.sandbox.paypal.com I get the expected 400, but www.paypal.com is always a 403.