From 43a24de0ccd453baf1e5d1fc92b9f58e5381031f Mon Sep 17 00:00:00 2001
From: jacksonhuether <jacksonhuether@gmail.com>
Date: Wed, 25 Feb 2026 17:57:23 -0500
Subject: [PATCH] Fix missing Content-Type header on OAuth token request

The create_token method sends a form-encoded POST body but does not set
the Content-Type header to application/x-www-form-urlencoded. Some OAuth
servers (including AWS Cognito) return 405 Method Not Allowed when the
header is absent because they cannot identify the request as a valid
form POST.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 lib/fragment_client.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/fragment_client.rb b/lib/fragment_client.rb
index 50ea0e6..db318ed 100644
--- a/lib/fragment_client.rb
+++ b/lib/fragment_client.rb
@@ -166,6 +166,7 @@ def create_token
     uri = URI.parse(@oauth_url.to_s)
     post = Net::HTTP::Post.new(uri.request_uri)
     post.basic_auth(@client_id, @client_secret)
+    post.content_type = "application/x-www-form-urlencoded"
     post.body = format('grant_type=client_credentials&scope=%<scope>s&client_id=%<id>s', scope: @oauth_scope,
                                                                                          id: @client_id)