yii2-oauth2-server
Multiple issues while integrating this module to Yii app
Describe the bug
I have installed and configured this module as per the guide in the docs.
It works partly.
Part 1:
Whenever I click on the client's "Login with OAuth2 server", I am redirected to the server page:
When I click "Allow", I don't get an access token, the request to the server API fails, and thus the entire operation fails.
Part 2:
Now I click on the client's "Login with OAuth2 server" again and I am redirected to the server page:
I click "Allow" and everything works properly. I am able to log in to the client via the server's OAuth mechanism successfully.
Part 3:
Now I click on the client's "Login with OAuth2 server" again and I am redirected to the page mentioned in Part 1. I click "Allow" and the operation fails.
Now I click on the client's "Login with OAuth2 server" again and I am redirected to the page mentioned in Part 2. I click "Allow" and the operation succeeds.
Now I click on the client's "Login with OAuth2 server" again and I am redirected to the page mentioned in Part 1. I click "Allow" and the operation fails.
Now I click on the client's "Login with OAuth2 server" again and I am redirected to the page mentioned in Part 2. I click "Allow" and the operation succeeds.
This goes on...
Secondly:
Whenever I click enable in Part 1, the oauth2_user_client_scope.enabled column is updated from true to false.
To Reproduce
Steps to reproduce the behavior:
- Install this module in Yii app as mentioned in docs
- oauth2_client row:
  {
    "oauth2_client": [
      {
        "id": 3,
        "identifier": "mango-id",
        "name": "mango-name",
        "type": 2,
        "secret": "2021-01-01::3vUCADtKx59NPQl3\/1fJXmppRbiug3iccJc1S9XY6TPvLE02\/+ggB8GtIc24J5oMTj38NIPIpNt8ClNDS7ZBI4+ykNxYOuEHQfdkDiUf5WVKtLegx43gLXfq",
        "old_secret": null,
        "old_secret_valid_until": null,
        "logo_uri": null,
        "tos_uri": null,
        "contacts": null,
        "redirect_uris": "\"[\\\"http:\/\/localhost:7878\/web\/index.php?r=user%2Fsecurity%2Fauth&authclient=oauthserver\\\"]\"",
        "allow_variable_redirect_uri_query": false,
        "token_types": 1,
        "grant_types": 5,
        "scope_access": 0,
        "end_users_may_authorize_client": true,
        "user_account_selection": null,
        "allow_auth_code_without_pkce": false,
        "skip_authorization_if_scope_is_allowed": false,
        "client_credentials_grant_user_id": null,
        "oidc_allow_offline_access_without_consent": false,
        "oidc_userinfo_encrypted_response_alg": null,
        "enabled": true,
        "created_at": 1690463297,
        "updated_at": 1690463297
      }
    ]
  }
- oauth2_scope row:
  {
    "oauth2_scope": [
      {
        "id": 2,
        "identifier": "read_user",
        "description": null,
        "authorization_message": null,
        "applied_by_default": 1,
        "required_on_authorization": true,
        "enabled": true,
        "created_at": 1690463275,
        "updated_at": 1690463275
      }
    ]
  }
- oauth2_user_client_scope table row:
  {
    "oauth2_user_client_scope": [
      {
        "user_id": 1,
        "client_id": 3,
        "scope_id": 2,
        "enabled": true,
        "created_at": 1691406603,
        "updated_at": 1691572338
      }
    ]
  }
Expected behavior
- It should not show the page shown in Part 1, but only the page of Part 2. Part 1 is not needed at all.
- Once I allow the scope authorization on the server, it should not ask again (unless the access token has expired or I have revoked access from the server).
Actual behavior
Mentioned above in description
Screenshots
Added above in description
Environment (please complete the following information):
- Server OS/Environment: Docker version 24.0.5, build ced0996 & Ubuntu 22.04.2 LTS
- Browser: Brave
Additional context
I use PostgreSQL as the DB in the server and MySQL in the client.
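As an added diagnostic (not code from the issue or from the yii2-oauth2-server project), the following Python script takes the `redirect_uris` value exactly as it appears in the posted `oauth2_client` row and shows that it has to be JSON-decoded twice before it yields a list: the column holds a JSON string whose content is itself a JSON array, where a cleanly stored row decodes to the array in one pass. It also shows an exact-match check of the client's redirect URI against the registered list, with `allow_variable_redirect_uri_query` set to false as in the row. The semantics assumed for that flag (exact match when false, ignore the query string when true) and the function names are assumptions for illustration, not taken from the module's code, and the report does not establish that the double encoding is related to the alternating behaviour.

```python
import json
from urllib.parse import urlsplit

# Constructed copy of the redirect_uris column value from the oauth2_client row in the
# report, as it reads after undoing the JSON export's own escaping (\/ -> /, \" -> ").
# The column holds the text  "[\"http://...\"]"  including the outer double quotes.
POSTED_REDIRECT_URIS = r'"[\"http://localhost:7878/web/index.php?r=user%2Fsecurity%2Fauth&authclient=oauthserver\"]"'

# Constructed: what the same column looks like when it stores a JSON array directly.
EXPECTED_REDIRECT_URIS = '["http://localhost:7878/web/index.php?r=user%2Fsecurity%2Fauth&authclient=oauthserver"]'

# The redirect URI the client in the report sends to the server.
CLIENT_REDIRECT_URI = "http://localhost:7878/web/index.php?r=user%2Fsecurity%2Fauth&authclient=oauthserver"


def decode_redirect_uris(column_value, max_passes=3):
    """Decode the column until a list appears; return (list, passes).

    A cleanly stored array decodes in one pass; a value that was JSON-encoded
    twice needs two. Anything else is reported as invalid."""
    value = column_value
    for passes in range(1, max_passes + 1):
        try:
            value = json.loads(value)
        except (TypeError, ValueError) as exc:
            raise ValueError(f"redirect_uris is not valid JSON after {passes} pass(es): {exc}")
        if isinstance(value, list):
            if not all(isinstance(u, str) for u in value):
                raise ValueError("redirect_uris array must contain only strings")
            return value, passes
        if not isinstance(value, str):
            raise ValueError(f"redirect_uris decoded to {type(value).__name__}, expected array")
    raise ValueError(f"redirect_uris still not an array after {max_passes} passes")


def redirect_uri_allowed(registered, requested, allow_variable_query=False):
    """Assumed matching rule (hypothetical, not the module's): exact string match,
    or, when variable query strings are allowed, exact match of scheme/host/path."""
    if requested in registered:
        return True
    if not allow_variable_query:
        return False
    req = urlsplit(requested)
    for uri in registered:
        reg = urlsplit(uri)
        if (reg.scheme, reg.netloc, reg.path) == (req.scheme, req.netloc, req.path):
            return True
    return False


def check_client_redirects(column_value, requested, allow_variable_query=False):
    """Summarise what a server applying the rule above would conclude from one row."""
    uris, passes = decode_redirect_uris(column_value)
    return {
        "double_encoded": passes > 1,
        "registered": uris,
        "allowed": redirect_uri_allowed(uris, requested, allow_variable_query),
    }


if __name__ == "__main__":
    for label, column in (("posted", POSTED_REDIRECT_URIS), ("expected", EXPECTED_REDIRECT_URIS)):
        print(label, check_client_redirects(column, CLIENT_REDIRECT_URI))
```

Running it against the posted value reports `double_encoded: True`; a row whose column contains the bare array reports `False`. The same check can be pointed at the live `oauth2_client` table on both the PostgreSQL and MySQL side to confirm how the column is actually stored there.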