OAuth: please return the `state` property in the redirect error payload

Open johnspurlock opened this issue 1 year ago • 1 comments

To reproduce:

  • Generate an authorization URL to pixelfed.social requesting an unsupported scope (like write:follows)
  • Pixelfed correctly redirects with an error like

```json
{
  "error": "invalid scope",
  "error_description": "The requested scope is...",
  "hint": "Check the ...",
  "message": "The requested scope..."
}
```

Really covering all of the bases there!

However, it's missing the state parameter to identify which request this belongs to. Can you include it in these payloads so callers can be confident knowing which request failed and do the right thing in their UI?

Thanks!

johnspurlock, Sep 05 '24 22:09

Confirmed state is returned in the success case, just not the error case

johnspurlock, Sep 05 '24 23:09
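An added example, not part of the issue or of Pixelfed's code: a client-side callback handler that matches each redirect to the request that caused it, showing why an error without `state` cannot be attributed when more than one request is pending. RFC 6749 section 4.1.2.1 requires `state` in the error response when the request carried one. The sketch assumes the error fields arrive as query parameters on the redirect URI; all names and URLs are hypothetical.

```javascript
// Added example. createTracker, begin, handle and the client.example URLs are
// hypothetical names; the redirect URLs below are constructed samples.
function createTracker() {
  const pending = new Map(); // state -> what the UI was trying to do

  return {
    // state must be an unguessable, single-use value chosen by the caller.
    begin(state, scope) { pending.set(state, { scope }); },
    pendingCount() { return pending.size; },

    handle(redirectUrl) {
      const q = new URL(redirectUrl).searchParams;
      const state = q.get('state');
      const error = q.get('error');
      const code = q.get('code');

      if (!state) {
        // The case from this issue: an error with no state cannot be tied
        // to one request, so no pending entry is consumed.
        return error
          ? { outcome: 'unattributed_error', error, candidates: pending.size }
          : { outcome: 'rejected', reason: 'missing state' };
      }
      const request = pending.get(state);
      if (!request) return { outcome: 'rejected', reason: 'unknown state' };
      pending.delete(state); // one redirect per state, replays are rejected
      if (error) return { outcome: 'error', error, scope: request.scope };
      if (code) return { outcome: 'success', code, scope: request.scope };
      return { outcome: 'rejected', reason: 'no code or error' };
    },
  };
}

// Two sign-in attempts in flight, e.g. two browser tabs.
const tracker = createTracker();
tracker.begin('st-tab-1', 'read');
tracker.begin('st-tab-2', 'write:follows');
const cb = 'https://client.example/callback';
console.log(tracker.handle(`${cb}?error=invalid+scope`));
console.log(tracker.handle(`${cb}?error=invalid+scope&state=st-tab-2`));
console.log(tracker.handle(`${cb}?code=constructed-code&state=st-tab-1`));
console.log(tracker.handle(`${cb}?code=constructed-code&state=st-tab-1`));
```
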