Authz endpoint allows only Authorization code grant type

Part of story #14570 Authorization grant confirmation page

How to test:
- Go to a project's administration
- Create an OAuth2 app with a redirect endpoint, for example "https://tuleap.example.com/redirect"
- Copy its client id from the table
- Go to https://tuleap.example.com/oauth2_server/authorize?client_id=<client_id>&response_type=code&redirect_uri=https%3A%2F%2Ftuleap.example.com%2Fredirect

The authorization form should display.
Omitting or modifying the response_type parameter should redirect you to the redirect_uri with an error parameter like "error=invalid_request".
If you provide a "key=value" query parameter in the client's redirect_uri, it should not be modified when redirected.

Change-Id: Ie9a9ea753af9e2a8f90fc9bbbfe4d1be6cd84192

Modified Files

Name
M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointGetController.php +35 −2
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationEndpointGetControllerTest.php +53 −1
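
The behaviour the commit message describes, sketched as an added PHP example that is not Tuleap's code and not part of this commit: only `response_type=code` reaches the form, anything else is redirected with `error=invalid_request`, and a query string already present in the redirect_uri is preserved. The function names, the client registry array and the 400 response for an unregistered redirect_uri are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration. Function names and the client registry are hypothetical.

/** Append an error parameter while leaving the redirect_uri's own query untouched. */
function buildErrorRedirect(string $redirect_uri, string $error): string
{
    if (strpos($redirect_uri, '?') === false) {
        $separator = '?';
    } else {
        // An existing query such as "key=value" is kept byte for byte.
        $separator = in_array(substr($redirect_uri, -1), ['?', '&'], true) ? '' : '&';
    }
    return $redirect_uri . $separator . http_build_query(['error' => $error]);
}

/** Decide the response to GET /oauth2_server/authorize from its query parameters. */
function handleAuthorizeRequest(array $query, array $registered_redirect_uris): array
{
    $client_id    = is_string($query['client_id'] ?? null) ? $query['client_id'] : '';
    $redirect_uri = is_string($query['redirect_uri'] ?? null) ? $query['redirect_uri'] : '';

    // Assumption (RFC 6749 section 4.1.2.1): with an unknown client or a
    // redirect_uri that does not match the registered one, do not redirect.
    if (! isset($registered_redirect_uris[$client_id])
        || $registered_redirect_uris[$client_id] !== $redirect_uri) {
        return ['status' => 400, 'location' => null];
    }

    // Only the authorization code grant is accepted: response_type must be "code".
    if (($query['response_type'] ?? null) !== 'code') {
        return ['status' => 302, 'location' => buildErrorRedirect($redirect_uri, 'invalid_request')];
    }

    return ['status' => 200, 'location' => null]; // render the authorization form
}

// Constructed sample data: one client whose redirect_uri already has a query.
$clients = ['client-1' => 'https://tuleap.example.com/redirect?key=value'];
$base    = ['client_id' => 'client-1', 'redirect_uri' => $clients['client-1']];

foreach (['code', 'token', null] as $response_type) {
    $query  = $response_type === null ? $base : $base + ['response_type' => $response_type];
    $result = handleAuthorizeRequest($query, $clients);
    printf("%-6s -> %d %s\n", $response_type ?? '(none)', $result['status'], $result['location'] ?? '');
}
```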