Skip to content

RFC 6749#4.1.2.1 - fix order of error handling#565

Open
kiebzak wants to merge 2 commits intooauthjs:masterfrom
sr-archived:access_denied
Open

RFC 6749#4.1.2.1 - fix order of error handling#565
kiebzak wants to merge 2 commits intooauthjs:masterfrom
sr-archived:access_denied

Conversation

@kiebzak
Copy link

@kiebzak kiebzak commented Apr 23, 2019

According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1, only when the redirect_uri & client_id were correct, the authorisation server should inform the client that user had denied access.

The change is to move validation of resource owner approval after the
redirect_uri & client_id validation so the correct redirect url is computed.

iczechowski and others added 2 commits January 23, 2018 17:59
@iczechowski
Compute the correct redirect_uri in case of resource over denies access
9037614 
According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1
once the redirect_uri & client_id is correct authorization server should
inform the clinet, that user denied access.

The change is to move validation of resource owner approval after the
redirect_uri & client identifier validation so the correct redirect url
is computed
@kiebzak
Remove commented code
38f9b15
@kiebzak kiebzak changed the title Access denied RFC 6749#4.1.2.1 - fix order of error handling Apr 23, 2019
@thomseddon thomseddon force-pushed the master branch 2 times, most recently from 08f0399 to b84778b Compare May 24, 2020 14:16
@FStefanni FStefanni mentioned this pull request Nov 28, 2021
Closed
33 tasks
@smartrecruiters-jenkins-backup2 smartrecruiters-jenkins-backup2 deleted the access_denied branch July 18, 2024 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kiebzak @iczechowski