Consider letting redirect url respect response_mode after receiving invalid request on authorization endpoint #1554

Open
RolandGuijt opened this issue May 20, 2024 · 0 comments

AuthorizeRequestValidator in the ValidateCoreParameters method only applies the received response_mode (e.g. "fragment") to the redirect url after checking for grant type and PKCE errors. When such an error occurs it returns from the method too early.

See issue DuendeSoftware/Support#1238

Considerations around this:

  • Fixing it will be a breaking change
  • The mentioned error types are unsafe errors that should result in displaying an error page. The redirect url isn't supposed to be used.
  • But, when getting the error context we do have access to the redirect url which now always uses the "query" formatting because that is the default.
@brockallen brockallen added this to the 8.0.0 milestone Sep 17, 2024
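
The ordering described in this issue, as an added example that is not IdentityServer's own code: a reduced model of a validator that returns on a PKCE error before or after copying `response_mode` into the request context. All type and method names are hypothetical, the PKCE check is reduced to "a `code_challenge` parameter is present", and the request is constructed sample input.

```csharp
using System;
using System.Collections.Generic;

// Simplified model with hypothetical names; not Duende IdentityServer code.
class RequestContext
{
    public string RedirectUri = "";
    public string ResponseMode = "query";   // default until the parameter is applied
}

static class Demo
{
    // Assumption: the PKCE check is reduced to "code_challenge must be present".
    static bool PkceOk(IDictionary<string, string> p) => p.ContainsKey("code_challenge");

    static void ApplyResponseMode(IDictionary<string, string> p, RequestContext ctx)
    {
        if (p.TryGetValue("response_mode", out var mode) &&
            (mode == "query" || mode == "fragment" || mode == "form_post"))
            ctx.ResponseMode = mode;
    }

    // Order described in the issue: the early return on a PKCE error
    // happens before response_mode is copied into the context.
    static (bool ok, RequestContext ctx) ValidateCurrentOrder(IDictionary<string, string> p)
    {
        var ctx = new RequestContext { RedirectUri = p["redirect_uri"] };
        if (!PkceOk(p)) return (false, ctx);
        ApplyResponseMode(p, ctx);
        return (true, ctx);
    }

    // Order the issue asks to consider: record response_mode first, same checks after.
    static (bool ok, RequestContext ctx) ValidateAlternativeOrder(IDictionary<string, string> p)
    {
        var ctx = new RequestContext { RedirectUri = p["redirect_uri"] };
        ApplyResponseMode(p, ctx);
        return (PkceOk(p), ctx);
    }

    static void Main()
    {
        // Constructed request: asks for fragment mode but omits the PKCE challenge.
        var p = new Dictionary<string, string>
        { ["redirect_uri"] = "https://client.example/callback", ["response_mode"] = "fragment" };
        var a = ValidateCurrentOrder(p);
        var b = ValidateAlternativeOrder(p);
        Console.WriteLine($"current:     ok={a.ok} mode={a.ctx.ResponseMode}");
        Console.WriteLine($"alternative: ok={b.ok} mode={b.ctx.ResponseMode}");
    }
}
```

Both orderings reject the request, so the error-page behaviour is unchanged; the only difference is which response mode the error context reports for the redirect url.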