Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid authorization redirect URI appears to redirect to the invalid redirect URI #113

Closed
night opened this Issue Mar 13, 2019 · 0 comments

Comments

Projects
None yet
2 participants
@night
Copy link

night commented Mar 13, 2019

When a user tries to authorize an authorization request containing an invalid redirect URI, the server will redirect said user to the invalid redirect URI.

The code at

def validate_authorization_redirect_uri(self, client):
is validating the redirect URI for the grant, and the code at is redirecting to the grant's redirect_uri despite it being invalid.

The server should probably be handling this by returning the standard error response, not a redirect.

If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the query component of the redirection URI using the
"application/x-www-form-urlencoded" format, per Appendix B:

see https://tools.ietf.org/html/rfc6749#section-4.1.2.1 for more details

@lepture lepture added the bug label Mar 18, 2019

@lepture lepture closed this in 81fcf1f Mar 18, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.