Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect handling of user "denial" in AuthorizeHandler.prototype.handle #456

Open
kryysler opened this issue Nov 8, 2017 · 0 comments · May be fixed by #576 or #649
Open

Incorrect handling of user "denial" in AuthorizeHandler.prototype.handle #456

kryysler opened this issue Nov 8, 2017 · 0 comments · May be fixed by #576 or #649

Comments

@kryysler
Copy link

kryysler commented Nov 8, 2017

According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1, the access_denied scenario should produce a redirect_uri (if valid) with appropriate "error" params set. Currently, however, the access ("request.query.allowed") is checked before validating the input params, including the redirect_uri, and throws an exception instead.

https://github.com/oauthjs/node-oauth2-server/blob/master/lib/handlers/authorize-handler.js#L81
YousefED added a commit to YousefED/node-oauth2-server that referenced this issue Jul 29, 2019
@YousefED
Update authorize-handler.js
0cce90b 
fixes oauthjs#456
@YousefED YousefED linked a pull request Jul 29, 2019 that will close this issue
Open
@yonatankalman yonatankalman linked a pull request Aug 14, 2020 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@kryysler