fix(core): Fix OAuth1 callback token request (#14251)

packages/cli/src/controllers/oauth/__tests__/oauth1-credential.controller.test.ts

@@ -230,15 +230,11 @@ describe('OAuth1CredentialController', () => {
 			});
 			jest.spyOn(Csrf.prototype, 'verify').mockReturnValueOnce(true);
 			nock('https://example.domain')
-				.post('/oauth/access_token', {
-					oauth_token: 'token',
-					oauth_verifier: 'verifier',
-				})
+				.post('/oauth/access_token', 'oauth_token=token&oauth_verifier=verifier')
 				.once()
 				.reply(200, 'access_token=new_token');
 
 			await controller.handleCallback(req, res);
-
 			const dataCaptor = captor();
 			expect(credentialsRepository.update).toHaveBeenCalledWith(
 				'1',

packages/cli/src/controllers/oauth/oauth1-credential.controller.ts

@@ -118,10 +118,12 @@ export class OAuth1CredentialController extends AbstractOAuthController {
 			const [credential, _, oauthCredentials] =
 				await this.resolveCredential<OAuth1CredentialData>(req);
 
-			const oauthToken = await axios.post<string>(oauthCredentials.accessTokenUrl, {
-				oauth_token,
-				oauth_verifier,
-			});
+			// Form URL encoded body https://datatracker.ietf.org/doc/html/rfc5849#section-3.5.2
+			const oauthToken = await axios.post<string>(
+				oauthCredentials.accessTokenUrl,
+				{ oauth_token, oauth_verifier },
+				{ headers: { 'content-type': 'application/x-www-form-urlencoded' } },
+			);
 
 			// Response comes as x-www-form-urlencoded string so convert it to JSON