The `Doorkeeper::AuthorizationsController` checks to see whether or not required parameters are present by running `pre_auth.authorizable?` in the `new` action.
This gem modifies the behavior of the `:authenticate_resource_owner!` before filter that runs prior to the `new` action. One of the modifications is to inspect the `pre_auth` object (an instance of `OAuth::PreAuthorization`) and look at its `scopes`.
The `OAuth::PreAuthorization#scopes` method in turn fires the `build_scopes` private method, which calls `client.application.scopes`. This method assumes that `client` is present. However, if you do not initialize the object with `@client`, it obviously blows up. This has not been an issue in Doorkeeper itself, because usually the `OAuth::PreAuthorization` object is assumed to be valid. However, this OpenID Connect gem inspects the object before it has been validated.
We have a PR to add a validation check before trying to inspect the scopes.
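
An added illustration of the failure mode described in this issue, not code from Doorkeeper or from the OpenID Connect gem. The classes are simplified stand-ins that model only the call chain named above; `Application`, `Client`, the two filter helpers, `filter_outcome` and the `:invalid_client` error symbol are hypothetical, and the guarded variant is one assumed shape for the validation check.

```ruby
# Simplified stand-ins (assumption): only scopes -> build_scopes ->
# client.application.scopes is modelled, as described in the issue.
Application = Struct.new(:scopes)
Client = Struct.new(:application)

class PreAuthorization
  attr_reader :client, :error

  def initialize(client)
    @client = client # nil when the request carries no usable client
  end

  # Validation step that the controller's `new` action relies on.
  def authorizable?
    @error = :invalid_client if client.nil?
    @error.nil?
  end

  def scopes
    @scopes ||= build_scopes
  end

  private

  def build_scopes
    client.application.scopes # assumes client is present
  end
end

# Before-filter logic as described: scopes are read before validation.
def openid_request_unguarded?(pre_auth)
  pre_auth.scopes.include?("openid")
end

# Guarded variant: validate first, touch scopes only on a valid object.
def openid_request_guarded?(pre_auth)
  pre_auth.authorizable? && pre_auth.scopes.include?("openid")
end

# Runs one variant of the filter and reports what the request would hit.
def filter_outcome(pre_auth, guarded:)
  openid = guarded ? openid_request_guarded?(pre_auth) : openid_request_unguarded?(pre_auth)
  openid ? :openid_flow : :fall_through
rescue NoMethodError
  :unhandled_exception # an unrescued error in a Rails filter becomes a 500
end
```

With the guard, an invalid request falls through the filter so that the controller's own `authorizable?` handling can answer it, instead of raising before validation runs.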