
Code Exchange: A token is created even if a wrong tenant/product is passed to the request.

Open devkiran opened this issue 4 years ago • 1 comments

curl --request POST \
  --url 'http://localhost:5000/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=authorization_code' \
  --data 'client_id=<an invalid tenant and product combination>' \
  --data 'client_secret=<some value>' \
  --data 'redirect_uri=<redirect URL>' \
  --data 'code=<code from the query parameter above>'

Issue Summary

The token creation method doesn't evaluate whether the tenant and product are valid. It validates only the code at the moment.

devkiran avatar Dec 06 '21 19:12 devkiran

Makes sense. Similar to https://github.com/boxyhq/jackson/issues/28, all attributes should be validated at every step.

deepakprabhakara avatar Dec 06 '21 22:12 deepakprabhakara
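
The check discussed in this thread, sketched as an added example that is not Jackson's code: the authorization code is bound to its tenant, product and redirect URI when issued, and the token step rejects any request whose attributes do not match. The `tenant=<tenant>&product=<product>` encoding of `client_id`, the in-memory stores and the function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed in-memory stores standing in for the service's database.
const connections = new Map([
  ['acme.example|crm', { clientSecret: 'constructed-secret-a' }],
  ['globex.example|crm', { clientSecret: 'constructed-secret-b' }],
]);
const codes = new Map(); // code -> { tenant, product, redirectUri, expiresAt }

// Authorization step: remember which tenant/product/redirect_uri the code belongs to.
function issueCode(tenant, product, redirectUri, now = Date.now()) {
  const code = crypto.randomBytes(16).toString('hex');
  codes.set(code, { tenant, product, redirectUri, expiresAt: now + 60_000 });
  return code;
}

// Compare secrets via fixed-length digests so timingSafeEqual never throws on length.
function safeEqual(a, b) {
  const h = (v) => crypto.createHash('sha256').update(String(v)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Token step: validate every request attribute, not only the code.
function exchangeCode(body, now = Date.now()) {
  const fail = (error) => ({ status: error === 'invalid_client' ? 401 : 400, error });
  if (body.grant_type !== 'authorization_code') return fail('unsupported_grant_type');

  // Assumed client_id encoding: "tenant=<tenant>&product=<product>".
  const id = new URLSearchParams(body.client_id || '');
  const tenant = id.get('tenant');
  const product = id.get('product');
  const conn = tenant && product ? connections.get(`${tenant}|${product}`) : undefined;
  if (!conn || !safeEqual(body.client_secret, conn.clientSecret)) return fail('invalid_client');

  const grant = codes.get(body.code);
  codes.delete(body.code); // single use: a code presented once is never accepted again
  if (!grant || grant.expiresAt < now) return fail('invalid_grant');
  if (grant.tenant !== tenant || grant.product !== product ||
      grant.redirectUri !== body.redirect_uri) return fail('invalid_grant');

  const accessToken = crypto.randomBytes(24).toString('hex');
  return { status: 200, access_token: accessToken, token_type: 'bearer' };
}
```

A code presented by an authenticated but mismatched client is consumed as well as rejected, so it cannot be retried under the correct tenant afterwards.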