Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): OAuth2 access_token in GET query string in userInfoURL #5188

Merged
merged 3 commits into from
Apr 17, 2022
Merged

feat(auth): OAuth2 access_token in GET query string in userInfoURL #5188

merged 3 commits into from
Apr 17, 2022

Conversation

triszt4n
Copy link
Contributor

See #5187

Small patch for using older OAuth2 authorization servers

@auto-assign auto-assign bot requested a review from NGPixel April 14, 2022 19:47
@triszt4n
Copy link
Contributor Author

I'm still thinking about adding only a prop in the definition.yml instead. My solution might create backward-compatibility issues (well, only if someone relies on using an access_token searchParam already for other purposes in their userInfoURL).

@NGPixel
Copy link
Member

NGPixel commented Apr 15, 2022

This should indeed be optional and off by default.

@triszt4n
Copy link
Contributor Author

@NGPixel Applied your suggested modifications, tested it manually with fresh database with my oauth2 config, worked very well.

NGPixel
NGPixel requested changes Apr 16, 2022
View reviewed changes
server/modules/authentication/oauth2/authentication.js Outdated
this._oauth2._useAuthorizationHeaderForGET = true
} else {
this._oauth2._useAuthorizationHeaderForGET = false
url.searchParams.set('access_token', accesstoken)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're creating an url variable, set a searchParams but then it's never used again? Am I missing something?

Also the current default would cause existing installations to suddenly use the opposite behavior. Either set the useAuthorizationHeader default as true or reverse the logic...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Completely forgot about the url variable. Will reverse the logic. Thx for the review gonna mend the things and test them again.

@triszt4n triszt4n requested a review from NGPixel April 16, 2022 15:03
@NGPixel NGPixel merged commit de15103 into requarks:main Apr 17, 2022
NGPixel pushed a commit that referenced this pull request Apr 17, 2022
@triszt4n @NGPixel
feat(auth): OAuth2 access_token in GET query string in userInfoURL (#…
64cdc9f 
…5188)
jionggyu pushed a commit to jionggyu/wiki-2.5.302-patch that referenced this pull request Jul 9, 2024
@triszt4n
feat(auth): OAuth2 access_token in GET query string in userInfoURL (r…
5595500 
…equarks#5188)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NGPixel NGPixel NGPixel approved these changes

Assignees

@NGPixel NGPixel

Labels
needs-work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@triszt4n @NGPixel