uport-mobile icon indicating copy to clipboard operation
uport-mobile copied to clipboard

Published 20 hours ago verified publisher icon uport-project

App is wrongfully using postback

Open mirceanis opened this issue 6 years ago • 1 comments

When using the unified request URL (https://id.uport.me/req/<JWT>) without specifying a redirect url or callback type, the app does NOT call back with a result even if there is a callback field in the JWT.

The callback behavior is fine when using the deprecated endpoints ( me.uport.me?requestToken=<JWT> )

Working example

The uPort app calls back to https://example.com with the result:

me.uport:me?requestToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJjYWxsYmFjayI6Imh0dHBzOi8vZXhhbXBsZS5jb20iLCJyZXF1ZXN0ZWQiOltdLCJhY3QiOiJub25lIiwidHlwZSI6InNoYXJlUmVxIiwiaWF0IjoxNTQxMTY2Mjg0LCJleHAiOjQ2OTQ3NjYyODQsImlzcyI6ImRpZDpldGhyOjB4Y2YwM2RkMGE4OTRlZjc5Y2I1YjYwMWE0M2M0YjI1ZTNhZTRjNjdlZCJ9.DNmXjNoTkzoYAzGWM3b0JoTUytAtd1bzdUbr9NR_1yqKZNRlDtFbu8P81KjgSBEM6_Rfqx2fu3iIPne6q3qkbgA

Broken callback example

The uPort app does not call back:

https://id.uport.me/req/eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJjYWxsYmFjayI6Imh0dHBzOi8vZXhhbXBsZS5jb20iLCJyZXF1ZXN0ZWQiOltdLCJhY3QiOiJub25lIiwidHlwZSI6InNoYXJlUmVxIiwiaWF0IjoxNTQxMTY2Mjg0LCJleHAiOjQ2OTQ3NjYyODQsImlzcyI6ImRpZDpldGhyOjB4Y2YwM2RkMGE4OTRlZjc5Y2I1YjYwMWE0M2M0YjI1ZTNhZTRjNjdlZCJ9.DNmXjNoTkzoYAzGWM3b0JoTUytAtd1bzdUbr9NR_1yqKZNRlDtFbu8P81KjgSBEM6_Rfqx2fu3iIPne6q3qkbgA

mirceanis avatar Nov 02 '18 13:11 mirceanis

It seems the app is defaulting to postback when not explicitly stated otherwise but because postback_url is missing, it does nothing.

mirceanis avatar Nov 02 '18 14:11 mirceanis