Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
2011.6
-
None
-
Operating System: Debian Lenny
PHP Version: 5.3.6
Database and version: 5.0.51a
Browser (and version): ALL
Description
When clicking deny button in authorize url it shows blank page (in oauth/authorize) and don't show any error.
For a woraround edit *kernel/private/modules/oauth/authorize.php*
Replace line 255:
$hasPost = $http->hasPostVariable( 'AuthorizeButton' ) or $http->hasPostVariable( 'DenyButton' );
With:
$hasPost = $http->hasPostVariable( 'AuthorizeButton' ) || $http->hasPostVariable( 'DenyButton' );
Replace also line 102:
error( 'access_denied' );
With:
error( $pRedirectUri, 'access_denied' );
With those two modifications now it's working fine and oauth client can catch the error.
Steps to reproduce
1. Configure a REST Applicacion from the administration interface
2. Go to its authorize URL. Example: http://domain.com/oauth/authorize?client_id=552096f4e4277cd2001b8c9dfeb48&redirect_uri=androidapp://oauth&response_type=token
3. Login as user and click on deny button
4. Blank page is showed