Optional state query parameter

Created on 26 June 2023, over 1 year ago
Updated 5 July 2023, over 1 year ago

Problem/Motivation

I'm implementing client OAuth for Booking Experts. Following their standard OAuth implementation guide - a code-based authorization as described here, I stumble upon a missing state query parameter which is required by OauthResponse and throws an error if not present.

I understand the purpose of the state token (preventing CSRF attacks) but the state parameter, as described in the OAuth specs: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-00#section-4...
is only required when the initial authorization request used it.

And in this case, the flow is initialized by the resource owner in the third party app.

Steps to reproduce

See above.

Proposed resolution

Add additional plugin configuration (optional state param) for this kind of flow?

Remaining tasks

Discuss.

User interface changes

Possible config form.

API changes

None.

Data model changes

None.

💬 Support request
Status

Fixed

Version

4.0

Component

Code

Created by

🇳🇱 Netherlands askibinski
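
The rule discussed in the issue (the callback must echo `state` only when the authorization request carried one) can be expressed as a single check. This is an added example, not code from the issue or from the module; the function name, the `$stateOptional` setting and the sample callbacks are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether an authorization-code callback may proceed.
 *
 * $expectedState: the state this client stored when it built the
 *                 authorization request, or null if it never started one.
 * $stateOptional: hypothetical per-plugin setting for flows that the
 *                 resource owner starts in the third-party app.
 */
function callback_state_is_acceptable(array $query, ?string $expectedState, bool $stateOptional): bool
{
    $returned = $query['state'] ?? null;
    if ($returned !== null && !is_string($returned)) {
        return false; // e.g. ?state[]=x parsed as an array
    }

    if ($expectedState !== null) {
        // We sent a state, so the response must echo exactly that value.
        return $returned !== null && hash_equals($expectedState, $returned);
    }

    if ($returned !== null) {
        // A state we never issued cannot be verified, so reject it.
        return false;
    }

    // No state on either side: accept only if the plugin opted in.
    // Such a callback has no CSRF binding from state at all.
    return $stateOptional;
}

// Constructed sample callbacks: [query, stored state, plugin setting].
$issued = bin2hex(random_bytes(16));
$cases = [
    'client-initiated, state echoed'   => [['code' => 'c1', 'state' => $issued], $issued, false],
    'client-initiated, state missing'  => [['code' => 'c2'], $issued, true],
    'client-initiated, state tampered' => [['code' => 'c3', 'state' => 'other'], $issued, true],
    'provider-initiated, opted in'     => [['code' => 'c4'], null, true],
    'provider-initiated, not opted in' => [['code' => 'c5'], null, false],
    'unsolicited state value'          => [['code' => 'c6', 'state' => 'x'], null, true],
];

foreach ($cases as $label => [$query, $expected, $optional]) {
    $verdict = callback_state_is_acceptable($query, $expected, $optional) ? 'accept' : 'reject';
    printf("%-34s %s\n", $label, $verdict);
}
```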
