Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Authz endpoint allows only Authorization code grant type

Download Browse

Part of story #14570 Authorization grant confirmation page How to test: - Go to a project's administration - Create an OAuth2 app with a redirect endpoint, for example "https://tuleap.example.com/redirect" - Copy its client id from the table - go to https://tuleap.example.com/oauth2_server/authorize?client_id=<client_id>&response_type=code&redirect_uri=https%3A%2F%2Ftuleap.example.com%2Fredirect The authorization form should display. Omitting or modifying the response_type parameter should redirect you to the redirect_uri with an error parameter like "error=invalid_request". If you provide a "key=value" query parameter in the client's redirect_uri, it should not be modified when redirected. Change-Id: Ie9a9ea753af9e2a8f90fc9bbbfe4d1be6cd84192

+88 −3
Joris MASSON (jmasson) 2020-02-25 10:45
Joris MASSON (jmasson) 2020-02-25 15:02
baa4c6d21d21aa423748fc0e67433012c592445f
6cf96e8ecead8d9e019bd664d4954ef088b664a7
git #tuleap/stable/baa4c6d21d21aa423748fc0e67433012c592445f

Modified Files

Side by side diff
Inline diff
Name
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointGetController.php +35 −2 Go to diff View file
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationEndpointGetControllerTest.php +53 −1 Go to diff View file