Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implicit errors are not always redirected in the fragment #114

Closed
night opened this Issue Mar 13, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@night
Copy link

night commented Mar 13, 2019

All OAuth2 errors don't seem to be returned properly for implicit grants, as some are sent within the querystring as opposed to the fragment per the RFC.

It looks like the overarching error handling logic isn't customizable per grant, and the authorization server itself has a blanket catch for error handling: https://github.com/lepture/authlib/blob/master/authlib/oauth2/rfc6749/authorization_server.py#L171

If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the fragment component of the redirection URI using the
"application/x-www-form-urlencoded" format, per Appendix B:

See https://tools.ietf.org/html/rfc6749#section-4.2.2.1 for more details.

@lepture lepture added the bug label Mar 18, 2019

@lepture lepture closed this in 6e7cc1a Mar 18, 2019

@lepture

This comment has been minimized.

Copy link
Owner

lepture commented Mar 18, 2019

Thanks, I've fixed it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.