Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-18451

oauth/authorize doesn't work to deny access

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • None
    • 2011.6
    • Legacy > REST interface
    • None

    • Operating System: Debian Lenny
      PHP Version: 5.3.6
      Database and version: 5.0.51a
      Browser (and version): ALL

    Description

      When clicking deny button in authorize url it shows blank page (in oauth/authorize) and don't show any error.

      For a woraround edit *kernel/private/modules/oauth/authorize.php*

      Replace line 255:

      $hasPost = $http->hasPostVariable( 'AuthorizeButton' ) or $http->hasPostVariable( 'DenyButton' );

      With:

      $hasPost = $http->hasPostVariable( 'AuthorizeButton' ) || $http->hasPostVariable( 'DenyButton' );

      Replace also line 102:

      error( 'access_denied' );

      With:

      error( $pRedirectUri, 'access_denied' );

      With those two modifications now it's working fine and oauth client can catch the error.

      Steps to reproduce

      1. Configure a REST Applicacion from the administration interface
      2. Go to its authorize URL. Example: http://domain.com/oauth/authorize?client_id=552096f4e4277cd2001b8c9dfeb48&redirect_uri=androidapp://oauth&response_type=token
      3. Login as user and click on deny button
      4. Blank page is showed

      Attachments

        Activity

          People

            andre1 andre1
            tantajos tantajos
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: