Implicit errors are not always redirected in the fragment #114

Closed
night opened this issue Mar 13, 2019 · 1 comment

night commented Mar 13, 2019

All OAuth2 errors don't seem to be returned properly for implicit grants, as some are sent within the querystring as opposed to the fragment per the RFC.

It looks like the overarching error handling logic isn't customizable per grant, and the authorization server itself has a blanket catch for error handling: https://github.com/lepture/authlib/blob/master/authlib/oauth2/rfc6749/authorization_server.py#L171

> If the resource owner denies the access request or if the request
> fails for reasons other than a missing or invalid redirection URI,
> the authorization server informs the client by adding the following
> parameters to the fragment component of the redirection URI using the
> "application/x-www-form-urlencoded" format, per Appendix B:

See https://tools.ietf.org/html/rfc6749#section-4.2.2.1 for more details.

@lepture lepture added the bug label Mar 18, 2019

lepture commented Mar 18, 2019

Thanks, I've fixed it.
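A regression check for the behaviour reported in this issue, as an added example that is not Authlib's code or its fix: it builds the error redirect per grant type as RFC 6749 sections 4.1.2.1 and 4.2.2.1 describe, and reports where the `error` parameter landed in a `Location` value. The function names and the `client.example` URIs are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# response_type values whose error parameters belong in the fragment
# (implicit grant, RFC 6749 section 4.2.2.1).
FRAGMENT_RESPONSE_TYPES = {"token"}


def build_error_redirect(redirect_uri, response_type, error,
                         state=None, description=None):
    """Hypothetical helper: place OAuth2 error parameters per grant type."""
    params = [("error", error)]
    if description:
        params.append(("error_description", description))
    if state:
        params.append(("state", state))
    parts = urlsplit(redirect_uri)
    if response_type in FRAGMENT_RESPONSE_TYPES:
        # Implicit grant: parameters go in the fragment, query left untouched.
        return urlunsplit(parts._replace(fragment=urlencode(params)))
    # Authorization code grant: parameters are appended to the existing query.
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    return urlunsplit(parts._replace(query=urlencode(query)))


def error_location(location):
    """Return 'fragment', 'query', 'both' or None for the 'error' parameter."""
    parts = urlsplit(location)
    in_query = "error" in dict(parse_qsl(parts.query))
    in_fragment = "error" in dict(parse_qsl(parts.fragment))
    if in_query and in_fragment:
        return "both"
    return "fragment" if in_fragment else "query" if in_query else None


def conforms(response_type, location):
    """True when the error sits where the RFC puts it for this response_type."""
    expected = "fragment" if response_type in FRAGMENT_RESPONSE_TYPES else "query"
    return error_location(location) == expected


if __name__ == "__main__":
    # Constructed sample: the misplacement this issue describes.
    reported = "https://client.example/cb?error=access_denied&state=xyz"
    print(conforms("token", reported))  # implicit error found in the query
    print(build_error_redirect("https://client.example/cb", "token",
                               "access_denied", state="xyz"))
```
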
