Anonymous users unable to access /oauth2/authorize, always redirects to login page

Created on 13 March 2019, over 5 years ago
Updated 17 February 2023, over 1 year ago

Whenever an external client tries to obtain an authorization code by accessing /oauth2/authorize?client_id={client_id}&response_type=code&state=start, it gets redirected to the login page. How are external clients supposed to obtain an authorization code and then a subsequent access token if they're not allowed to access the page?

This is happening due to the following code block in oauth2_server.pages.inc. It checks if the user is logged in, thus preventing anonymous users from accessing the page even though anonymous users have the permission 'use oauth2 server':

  // The user is not logged in. Redirect to login.
  if (!user_is_logged_in()) {
    $query = array(
      'destination' => 'oauth2/authorize',
    );
    drupal_goto('user/login', array('query' => $query));
  }

How can an external client obtain an access token? I am trying to use this oauth2 server module to provide resource authentication for the services module. Am I doing something wrong? Please help.

🐛 Bug report

Status: Active
Version: 1.7
Component: Code
Created by: 🇦🇺 Australia Abirz


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • 🇺🇦 Ukraine voleger Ukraine, Rivne

    How does the function user_is_logged_in() check the permission? It always checks if $user->uid > 0. How can an anonymous user with the appropriate permission bypass this check?

  • @voleger opened merge request.
  • 🇺🇦 Ukraine voleger Ukraine, Rivne

    The check is OK, but the destination query parameter drops the initial request query parameters, which causes data loss.
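
The data loss described in the last comment, as an added example that is not part of the thread, the merge request or the module's code: plain PHP stand-ins for the redirect show which authorization parameters reach /oauth2/authorize after login when the destination is a bare path and when it carries the original query string. The function names and the client_id value are constructed for illustration.

```php
<?php
// Added example: stand-alone PHP, no Drupal bootstrap required.
// All function names and the sample request below are hypothetical.

// Behaviour quoted in the issue: the destination is a bare path, so the
// parameters of the original request are not part of the redirect.
function login_redirect_dropping_query(array $params): string {
  return 'user/login?' . http_build_query(array('destination' => 'oauth2/authorize'));
}

// Alternative: embed the original parameters in the destination value.
function login_redirect_keeping_query(array $params): string {
  // 'q' is Drupal 7's internal path parameter, not part of the OAuth request.
  unset($params['q']);
  $destination = 'oauth2/authorize';
  if ($params) {
    $destination .= '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
  }
  // The outer http_build_query() percent-encodes the nested "?", "&" and "="
  // so the login page receives the whole thing as one destination value.
  return 'user/login?' . http_build_query(array('destination' => $destination), '', '&', PHP_QUERY_RFC3986);
}

// Simulate the round trip: decode the login URL's destination and return
// the query parameters the authorize endpoint would see after login.
function params_after_login(string $login_url): array {
  parse_str((string) parse_url($login_url, PHP_URL_QUERY), $login_query);
  parse_str((string) parse_url($login_query['destination'], PHP_URL_QUERY), $authorize_query);
  return $authorize_query;
}

// Constructed sample request, modelled on the URL in the issue description.
$request = array(
  'client_id' => 'example_client',
  'response_type' => 'code',
  'state' => 'start',
);

echo "Bare destination:\n";
var_dump(params_after_login(login_redirect_dropping_query($request)));

echo "Destination with original query:\n";
var_dump(params_after_login(login_redirect_keeping_query($request)));
```

Losing `state` matters beyond a failed request, because the client relies on getting that value back to match the authorization response to the request it started.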
