authgear-server icon indicating copy to clipboard operation
authgear-server copied to clipboard
verified publisher icon authgear

Invalid Auth Flow API endpoint returns CSRF error

Open buildbro opened this issue 1 year ago • 1 comments

Describe the bug I tried a couple of wrong endpoints to see if /api/v1/ will return HTTP status code 404. For example, the following URLs returned CSRF errors instead:

  • /api/v1/authentication_flows/states/inputs (correct endpoint is /api/v1/authentication_flows/states/input ends with input and not inputs)
  • /api/v1/authentication_flow (correct endpoint is /api/v1/authentication_flows ends with flows and not flow)

Authgear Version

  • Version: SaaS [or Date/Version]

To Reproduce Steps to reproduce the behavior:

  1. Open Postman
  2. Create a new request to /api/v1/authentication_flows
  3. Alter any character after /v1/ such that you end up with an invalid endpoint.
  4. See error

Expected behavior Return 404.

Screenshots SCR-20240506-kycp

Client Env (if applicable, please complete the following information):

  • Device: [e.g. Desktop, Smartphone]
  • OS: [e.g. Windows, iOS]
  • Browser [e.g. chrome, safari]
  • Browser Version [e.g. 22]

Additional context Add any other context about the problem here.

buildbro avatar May 06 '24 11:05 buildbro

DEV-1277 Invalid Auth Flow API endpoint returns CSRF error

linear[bot] avatar May 06 '24 11:05 linear[bot]