fix #8783

5 files changed, 32 insertions, 25 deletions

diff --git a/packages/merchant-backoffice-ui/src/paths/admin/create/CreatePage.tsx b/packages/merchant-backoffice-ui/src/paths/admin/create/CreatePage.tsx
index 4a5ab440b..a28992a2f 100644
--- a/packages/merchant-backoffice-ui/src/paths/admin/create/CreatePage.tsx
+++ b/packages/merchant-backoffice-ui/src/paths/admin/create/CreatePage.tsx
@@ -22,7 +22,7 @@
 import {
   Duration,
   TalerMerchantApi,
-  createAccessToken,
+  createRFC8959AccessTokenPlain,
 } from "@gnu-taler/taler-util";
 import { useTranslationContext } from "@gnu-taler/web-util/browser";
 import { h, VNode } from "preact";
@@ -132,7 +132,7 @@ export function CreatePage({ onCreate, onBack, forceId }: Props): VNode {
     newValue.auth =
       newToken === null || newToken === undefined
         ? { method: "external" }
-        : { method: "token", token: createAccessToken(newToken) };
+        : { method: "token", token: createRFC8959AccessTokenPlain(newToken) };
     if (!newValue.address) newValue.address = {};
     if (!newValue.jurisdiction) newValue.jurisdiction = {};
     // remove above use conversion
diff --git a/packages/merchant-backoffice-ui/src/paths/instance/token/DetailPage.tsx b/packages/merchant-backoffice-ui/src/paths/instance/token/DetailPage.tsx
index f75ee89b8..d718ffb69 100644
--- a/packages/merchant-backoffice-ui/src/paths/instance/token/DetailPage.tsx
+++ b/packages/merchant-backoffice-ui/src/paths/instance/token/DetailPage.tsx
@@ -27,7 +27,7 @@ import { FormProvider } from "../../../components/form/FormProvider.js";
 import { Input } from "../../../components/form/Input.js";
 import { NotificationCard } from "../../../components/menu/index.js";
 import { useSessionContext } from "../../../context/session.js";
-import { AccessToken, createAccessToken } from "@gnu-taler/taler-util";
+import { AccessToken, createRFC8959AccessTokenPlain } from "@gnu-taler/taler-util";
 
 interface Props {
   hasToken: boolean | undefined;
@@ -78,9 +78,9 @@ export function DetailPage({
     if (hasErrors) return;
     const oldToken =
       form.old_token !== undefined && hasToken
-        ? createAccessToken(form.old_token)
+        ? createRFC8959AccessTokenPlain(form.old_token)
         : undefined;
-    const newToken = createAccessToken(form.new_token!);
+    const newToken = createRFC8959AccessTokenPlain(form.new_token!);
     onNewToken(oldToken, newToken);
   }
 
@@ -134,7 +134,7 @@ export function DetailPage({
                         class="button"
                         onClick={() => {
                           if (hasToken) {
-                            onClearToken(form.old_token ? createAccessToken(form.old_token) : undefined);
+                            onClearToken(form.old_token ? createRFC8959AccessTokenPlain(form.old_token) : undefined);
                           } else {
                             onClearToken(undefined);
                           }
diff --git a/packages/merchant-backoffice-ui/src/paths/login/index.tsx b/packages/merchant-backoffice-ui/src/paths/login/index.tsx
index 272c40b55..d77bc75fd 100644
--- a/packages/merchant-backoffice-ui/src/paths/login/index.tsx
+++ b/packages/merchant-backoffice-ui/src/paths/login/index.tsx
@@ -19,7 +19,7 @@
  * @author Sebastian Javier Marchano (sebasjm)
  */
 
-import { HttpStatusCode, createAccessToken } from "@gnu-taler/taler-util";
+import { HttpStatusCode, createRFC8959AccessTokenEncoded } from "@gnu-taler/taler-util";
 import {
   useTranslationContext
 } from "@gnu-taler/web-util/browser";
@@ -49,7 +49,7 @@ export function LoginPage(_p: Props): VNode {
 
   async function doLoginImpl() {
     const result = await lib.authenticate.createAccessTokenBearer(
-      createAccessToken(token),
+      createRFC8959AccessTokenEncoded(token),
       tokenRequest,
     );
     if (result.type === "ok") {
diff --git a/packages/taler-harness/src/index.ts b/packages/taler-harness/src/index.ts
index 2b1fd9a0d..315173b7f 100644
--- a/packages/taler-harness/src/index.ts
+++ b/packages/taler-harness/src/index.ts
@@ -33,7 +33,8 @@ import {
   TalerMerchantInstanceHttpClient,
   TalerMerchantManagementHttpClient,
   TransactionsResponse,
-  createAccessToken,
+  createRFC8959AccessTokenEncoded,
+  createRFC8959AccessTokenPlain,
   decodeCrock,
   encodeCrock,
   generateIban,
@@ -690,12 +691,12 @@ deploymentCli
     help: "if everything worked ok, change the password of the accounts at the end",
   })
   .action(async (args) => {
-    const managementToken = createAccessToken(
+    const managementToken = createRFC8959AccessTokenPlain(
       args.provisionBankMerchant.merchantToken,
     );
     const bankAdminPassword = args.provisionBankMerchant.bankPassword;
     const bankAdminTokenArg = args.provisionBankMerchant.bankToken
-      ? createAccessToken(args.provisionBankMerchant.bankToken)
+      ? createRFC8959AccessTokenPlain(args.provisionBankMerchant.bankToken)
       : undefined;
     const id = args.provisionBankMerchant.id;
     const name = args.provisionBankMerchant.name;
@@ -812,7 +813,7 @@ deploymentCli
         address: {},
         auth: {
           method: "token",
-          token: createAccessToken(password),
+          token: createRFC8959AccessTokenPlain(password),
         },
         default_pay_delay: Duration.toTalerProtocolDuration(
           Duration.fromSpec({ hours: 1 }),
@@ -844,7 +845,7 @@ deploymentCli
      */
     {
       const resp = await merchantInstance.addBankAccount(
-        createAccessToken(password),
+        createRFC8959AccessTokenEncoded(password),
         {
           payto_uri: accountPayto,
           credit_facade_url: bank.getRevenueAPI(id).href,
@@ -887,7 +888,7 @@ deploymentCli
 
       {
         const resp = await merchantInstance.addTemplate(
-          createAccessToken(password),
+          createRFC8959AccessTokenEncoded(password),
           {
             template_id: "default",
             template_description: "First template",
@@ -967,10 +968,10 @@ deploymentCli
 
       {
         const resp = await merchantInstance.updateCurrentInstanceAuthentication(
-          createAccessToken(prevPassword),
+          createRFC8959AccessTokenEncoded(prevPassword),
           {
             method: "token",
-            token: createAccessToken(randomPassword),
+            token: createRFC8959AccessTokenPlain(randomPassword),
           },
         );
         if (resp.type === "fail") {
@@ -984,7 +985,7 @@ deploymentCli
 
       {
         const resp = await merchantInstance.updateBankAccount(
-          createAccessToken(randomPassword),
+          createRFC8959AccessTokenEncoded(randomPassword),
           wireAccount,
           {
             credit_facade_url: bank.getRevenueAPI(id).href,
@@ -1042,10 +1043,13 @@ deploymentCli
     const httpLib = createPlatformHttpLib({});
     const baseUrl = args.provisionMerchantInstance.merchantApiBaseUrl;
     const api = new TalerMerchantManagementHttpClient(baseUrl, httpLib);
-    const managementToken = createAccessToken(
+    const managementToken = createRFC8959AccessTokenEncoded(
       args.provisionMerchantInstance.managementToken,
     );
-    const instanceToken = createAccessToken(
+    const instanceTokenEnc = createRFC8959AccessTokenPlain(
+      args.provisionMerchantInstance.instanceToken,
+    );
+    const instanceTokenPlain = createRFC8959AccessTokenPlain(
       args.provisionMerchantInstance.instanceToken,
     );
     const instanceId = args.provisionMerchantInstance.id;
@@ -1059,7 +1063,7 @@ deploymentCli
       address: {},
       auth: {
         method: "token",
-        token: instanceToken,
+        token: instanceTokenPlain,
       },
       default_pay_delay: Duration.toTalerProtocolDuration(
         Duration.fromSpec({ hours: 1 }),
@@ -1082,7 +1086,7 @@ deploymentCli
       process.exit(2);
     }
 
-    const createAccountResp = await api.addBankAccount(instanceToken, {
+    const createAccountResp = await api.addBankAccount(instanceTokenEnc, {
       payto_uri: accountPayto,
       credit_facade_url: bankURL,
       credit_facade_credentials:
diff --git a/packages/taler-util/src/http-client/types.ts b/packages/taler-util/src/http-client/types.ts
index 77b7e2c2a..614a386e1 100644
--- a/packages/taler-util/src/http-client/types.ts
+++ b/packages/taler-util/src/http-client/types.ts
@@ -193,19 +193,21 @@ export type AccessToken = string & {
   [__ac_token]: true;
 };
 
+
 /**
  * Create a rfc8959 access token.
  * Adds secret-token: prefix if there is none.
+ * Encode the token with rfc7230 to send in a http header.
  *
- * @deprecated use createRFC8959AccessToken
  * @param token
  * @returns
  */
-export function createAccessToken(token: string): AccessToken {
+export function createRFC8959AccessTokenEncoded(token: string): AccessToken {
   return (
     token.startsWith("secret-token:") ? token : `secret-token:${encodeURIComponent(token)}`
   ) as AccessToken;
 }
+
 /**
  * Create a rfc8959 access token.
  * Adds secret-token: prefix if there is none.
@@ -213,11 +215,12 @@ export function createAccessToken(token: string): AccessToken {
  * @param token
  * @returns
  */
-export function createRFC8959AccessToken(token: string): AccessToken {
+export function createRFC8959AccessTokenPlain(token: string): AccessToken {
   return (
-    token.startsWith("secret-token:") ? token : `secret-token:${encodeURIComponent(token)}`
+    token.startsWith("secret-token:") ? token : `secret-token:${token}`
   ) as AccessToken;
 }
+
 /**
  * Convert string to access token.
  *