Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix that authorization code is returned by fragment if response_mode is fragament #1511

Merged
merged 1 commit into from May 20, 2021
Merged

Fix that authorization code is returned by fragment if response_mode is fragament #1511

merged 1 commit into from May 20, 2021

Conversation

nhosoya
Copy link
Contributor

@nhosoya nhosoya commented May 18, 2021
edited

Summary

There is a problem that the authorization code is returned in the query even if "fragment" is specified for response_mode in the authorization request.

Other Information

Whether the authorization code is returned as a query or as a fragment is determined by the following in CodeResponse.

doorkeeper/lib/doorkeeper/oauth/code_response.rb

Lines 43 to 47 in a56b1a5

elsif response_on_fragment
Authorization::URIBuilder.uri_with_fragment(pre_auth.redirect_uri, body)
else
Authorization::URIBuilder.uri_with_query(pre_auth.redirect_uri, body)
end

In order for this to be determined correctly, response_on_fragment must be passed when initializing CodeResponse.
However, since response_on_fragment is not specified when CodeReponse is initialized in CodeRequest.
Therefore, the authorization code is always returned in query.

@nhosoya nhosoya force-pushed the fix/response_mode-is-fragment branch 2 times, most recently from 1fca5af to 647eb82 Compare May 18, 2021 07:52
@nhosoya nhosoya marked this pull request as draft May 18, 2021 10:49
@nhosoya nhosoya marked this pull request as ready for review May 18, 2021 10:53
@nhosoya nhosoya force-pushed the fix/response_mode-is-fragment branch from 647eb82 to 64d35be Compare May 19, 2021 08:08
nbulaj
nbulaj approved these changes May 20, 2021
View reviewed changes
Copy link
Member

@nbulaj nbulaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@nbulaj nbulaj merged commit 76c6ed6 into doorkeeper-gem:main May 20, 2021
@nhosoya nhosoya deleted the fix/response_mode-is-fragment branch May 20, 2021 07:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

@nbulaj nbulaj nbulaj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nhosoya @nbulaj @houndci-bot