Google Sign In OAuth2 Security Flaw

[rish07]

Hey @himanshusharma89
I was going through the app and came across the following issue:

1. I pressed sign in with google on the sign-up page.
2. Didn't select an account and pressed back.
3. The app redirected me to the Dashboard with null values with though I wasn't authenticated.

I am attaching a screenshot of the app being logged in without auth.

I would like to work on this issue as well along with the Github auth implementation during Hacktoberfest.

[github-actions]

We shall look into this issue. Thanks for bringing it to our notice!

[himanshusharma89]

Go ahead @rish07. Assigning this issue to you.

[himanshusharma89]

Any update @rish07?

[rish07]

Hey @himanshusharma89,
I actually have an exam tomorrow so I'll fix it by tomorrow evening.

[himanshusharma89]

Okay, @rish07. Good luck.

[himanshusharma89]

Also, the null value is still there after successful sign-up, but it doesn't occur if we restart the app. I checked the mapping methods, it is fine but still, the issue is there. Have a look into this also.

[rish07]

Sure

[arbazdiwan]

@himanshusharma89, I would like to solve this issue if @rish07 is facing any problems.

[himanshusharma89]

@arbazdiwan, @rish07 will work on it and update us soon

[arbazdiwan]

ok Himanshu

…

On Sat, 3 Oct 2020, 10:22 pm HIMANSHU SHARMA, ***@***.***> wrote: @arbazdiwan <https://github.com/arbazdiwan>, @rish07 <https://github.com/rish07> will work on it and update us soon — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#275 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF5PZSHJGI36AVJ5PO27VYDSI5JENANCNFSM4R46CGVA> .