RFC 6749#4.1.2.1 - fix order of error handling #565

kiebzak · 2019-04-23T12:58:07Z

According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1, only when the redirect_uri & client_id were correct, the authorisation server should inform the client that user had denied access.

The change is to move validation of resource owner approval after the
redirect_uri & client_id validation so the correct redirect url is computed.

According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1 once the redirect_uri & client_id is correct authorization server should inform the clinet, that user denied access. The change is to move validation of resource owner approval after the redirect_uri & client identifier validation so the correct redirect url is computed

iczechowski and others added 2 commits January 23, 2018 17:59

Remove commented code

38f9b15

kiebzak changed the title ~~Access denied~~ RFC 6749#4.1.2.1 - fix order of error handling Apr 23, 2019

thomseddon force-pushed the master branch 2 times, most recently from 08f0399 to b84778b Compare May 24, 2020 14:16

FStefanni mentioned this pull request Nov 28, 2021

[meta] list of original project pr node-oauth/node-oauth2-server#89

Closed

33 tasks

smartrecruiters-jenkins-backup2 deleted the access_denied branch July 18, 2024 10:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RFC 6749#4.1.2.1 - fix order of error handling #565

RFC 6749#4.1.2.1 - fix order of error handling #565

kiebzak commented Apr 23, 2019

RFC 6749#4.1.2.1 - fix order of error handling #565

Are you sure you want to change the base?

RFC 6749#4.1.2.1 - fix order of error handling #565

Conversation

kiebzak commented Apr 23, 2019