FStefanni
Contributor

Summary

This PR postpones a check, as mandated by the standard. Citing the original PR:

According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1, only when the redirect_uri & client_id were correct, the authorisation server should inform the client that user had denied access.

The change is to move validation of resource owner approval after the
redirect_uri & client_id validation so the correct redirect url is computed.

I have checked the standard, and this seems fine to me.

The code is slightly different from the original PR, since the development branch had some further improvements
that this PR preserves.

Linked issue(s)

Issue 89 point 11, original pr 565

Added tests?

Yes

OAuth2 standard

https://tools.ietf.org/html/rfc6749#section-4.1.2.1
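To illustrate the ordering this PR describes, here is an added example (not code from node-oauth2-server or from this PR) of a minimal authorize handler in both orders. The client registry, request shape and the `CONSTRUCTED_CODE` value are constructed for the demo; with the old order, a denied request is redirected to whatever `redirect_uri` the request carried, so an unregistered URI receives the error redirect, whereas the new order only ever redirects to a validated URI.

```javascript
// Constructed client registry: one client with one registered redirect URI.
const clients = new Map([
  ['app-1', { redirectUris: ['https://app.example/cb'] }],
]);

// Validate client_id and redirect_uri. Per RFC 6749 4.1.2.1, failures here
// are reported directly to the user agent, never via a redirect.
function validateClientAndRedirect(params) {
  const client = clients.get(params.client_id);
  if (!client) return { error: 'invalid_client' };
  if (!client.redirectUris.includes(params.redirect_uri)) {
    return { error: 'invalid_redirect_uri' };
  }
  return { client, redirectUri: params.redirect_uri };
}

// Order before the change: the approval check runs first, so a denial is
// sent to the request's redirect_uri before that URI has been validated.
function authorizeBefore(params, allowed) {
  if (!allowed) {
    return { redirect: `${params.redirect_uri}?error=access_denied` };
  }
  const v = validateClientAndRedirect(params);
  if (v.error) return { status: 400, error: v.error };
  return { redirect: `${v.redirectUri}?code=CONSTRUCTED_CODE` };
}

// Order after the change (what this PR does): validate client_id and
// redirect_uri first, then report the denial only to the validated URI.
function authorizeAfter(params, allowed) {
  const v = validateClientAndRedirect(params);
  if (v.error) return { status: 400, error: v.error };
  if (!allowed) {
    return { redirect: `${v.redirectUri}?error=access_denied` };
  }
  return { redirect: `${v.redirectUri}?code=CONSTRUCTED_CODE` };
}

module.exports = { authorizeBefore, authorizeAfter, validateClientAndRedirect };
```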

@FStefanni FStefanni mentioned this pull request Dec 26, 2021
@jankapunkt jankapunkt linked an issue Jan 13, 2022 that may be closed by this pull request
@jankapunkt
Member

@Uzlopak @HappyZombies @jorenvandeweyer should we include this in 4.2.0 ?

@jankapunkt jankapunkt added this to the v4.3 milestone Aug 25, 2022
@jankapunkt jankapunkt changed the base branch from development to v4.3.0-dev August 25, 2022 12:29
@jankapunkt jankapunkt merged commit 848b0bb into node-oauth:v4.3.0-dev Aug 25, 2022

Development

Successfully merging this pull request may close these issues.

[meta] list of original project pr