Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Authz endpoint passes state parameter unmodified

Download Browse

Part of story #14570 Authorization grant confirmation page How to test: - Assuming that you have created an OAuth2 app with a redirect endpoint, for example "https://example.com" - go to https://tuleap.example.com/oauth2_server/authorize?client_id=<client_id>&state=xyz&redirect_uri=https%3A%2F%2Fexample.com (scopes and response_type omitted intentionally) You should be redirected to https://example.com?state=xyz&error=invalid_request Change-Id: I7ba04ae14efc073d2234757d952cf828e3e02817

+82 −142
Joris MASSON (jmasson) 2020-02-26 15:55
Joris MASSON (jmasson) 2020-02-27 09:53
ef699dd370ea401f047369342d11fe56758cf2bc
0f7951f9e755104a2790a505ef4a2d417e0f3dd2
git #tuleap/stable/ef699dd370ea401f047369342d11fe56758cf2bc

Modified Files

Side by side diff
Inline diff
Name
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointGetController.php +18 −5 Go to diff View file
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationEndpointGetControllerTest.php +64 −137 Go to diff View file