New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAUTH very seriously error with fake base64 decode #4835
Comments
There is:
Need:
|
I've mentioned this earlier as part of this problem: #4497 (step 2 in the latest comment) However, this seems to be the intended behavior for certain flows. E.g. the oauth flow from meteor tool, which only adds the credentialtoken to the query state. But then still, it is a bit weird that an error is displayed in the console. |
Need to check BASE64 string encoding, and if it is not, return clean string. |
It actually does this, but further down the road. So basically it tries to base64 decode and if this fails, the OAuth._stateFromQuery will throw, which is usually caught in the calling function (e.g. in OAuth._credentialTokenFromQuery), which thens return the clean string (which is the credential token) instead. So this seems to be correct behavior, but it's a bit weird that this is being done by throwing and logging errors. |
But there is not fails and fails later!! |
Not weird at all, because it is server console. |
Whats-a-problem to write properly code? Need to fix it! How I can make pull request? HNWASaivraqvc3Dk4 is-not-a Base64 string, so simply to check it.
https://en.wikipedia.org/wiki/Base64 NOT STUPID try-catch, Many people caught this error and "was made nice code and thats work proper"? Actually not. No, does it not work how need. Instead, changes in the two lines code we are Arguing. What For? Meteor is big and expensive project and yes, code must be orderly and straight. Thank you for understanding! |
Pull Request:
|
so, this code works good.
Problem closed. |
@psy21d if you would like to submit a Pull Request on GitHub so that we can review and consider merging, follow these directions: https://help.github.com/articles/using-pull-requests/ |
related issue #8678 |
meteor/packages/oauth/oauth_server.js
Google it:
(oauth_server.js:78) Unable to parse state from OAuth query: FAKEFAKEKAKE
People get drubbing together with obtaining query.state on many oauth services, because oauth_server.js parse answer as base 64 without disassembling when it is not base 64 at all.
And, no information on internet about this problem.
Please, fix it recently.
The text was updated successfully, but these errors were encountered: