Bobby McDonald comments

Results 91 comments of


                                            Bobby McDonald

redirect_uri parameter given to authorization endpoint is not identical to the one given to the token endpoint

> How is this still a thing over 4 years later! Come on guys! @machadolab Feel free to make a PR.

Prevent timing attack on CSRF

Closing and reopening to trigger CI

Reuse callback_url between request phase and callback phase

Sorry, I saw this and gave it some thought, but I'm not entirely sure if this could potentially cause cookie overflows if the redirect url was particularly long. I'd also...

Implementing omniauth strategy for authorization code grant

Are you attempting to build a workflow along the lines of PKCE? https://github.com/omniauth/omniauth-oauth2/pull/131

Well, seems it's working now after I upgrade to the latest version. The state parameter can be parsed as I expect.

Why do you need to manually get the state? The strategy handles state verification

Invalid JWT token type (invalid_credentials: OAuth2::Error)

What version of this gem are you on?

Invalid JWT token type (invalid_credentials: OAuth2::Error)

Okay, report the issue to them if you wouldn't mind, we'll have to PR here to pin the version below the breaking one

Possible issue with mirroring back the query params that were passed from authorization server

Thanks for the detailed report @menisy, I will need to do some looking into things as I'm not sure off the bat what the correct behavior is. I'd be willing...

Possible issue with mirroring back the query params that were passed from authorization server

I'm somewhat surprised that the extra params are causing issues, because I've used omniauth-okta before, and okta has some fairly strict redirect uri matching if I recall correctly

I get the response that I need but its considered as authentication Failure

I don't have time to look into this fully at the moment, but you should make sure not to post secrets publicly