Skip to content

Fail with oauth errors instead of masking them#309

Open
thefloweringash wants to merge 1 commit intosimi:masterfrom
thefloweringash:fix-oauth-errors
Open

Fail with oauth errors instead of masking them#309
thefloweringash wants to merge 1 commit intosimi:masterfrom
thefloweringash:fix-oauth-errors

Conversation

@thefloweringash
Copy link

@thefloweringash thefloweringash commented Nov 16, 2018

Fixes #192 by making the code parameter optional, and allows the super method to raise errors.

I defer to the authors to assess the security implications.

@kevingriffin
Copy link

kevingriffin commented Aug 2, 2019

Any chance of getting this merged?

@github-actions
Copy link

github-actions bot commented Jan 23, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@thefloweringash
Copy link
Author

thefloweringash commented Jan 24, 2020

The logic in master still requires all responses, including error responses, to include a code, and throws and fails if the response doesn't. I believe this PR is still relevant and not stale.

@simi
Copy link
Owner

simi commented Jan 24, 2020

@thefloweringash hello, thanks for check and your activity. The reason of marking this as a stale is to bring back some activity.

This introduces backwards incompatible change AFAIK. I'll test and see what we can do about that other than bumping major version. Some kind of deprecation cycle will be nice. Any ideas?

@simi simi mentioned this pull request Jan 24, 2020
Closed
@github-actions
Copy link

github-actions bot commented Feb 24, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@chrisandreae
Copy link

chrisandreae commented Sep 17, 2021

To me, this seems like fixing a bug rather than changing an intended spec. As such, I don't feel that a major version change should be necessary.

I think there's an expectation coming from Omniauth that strategies will pass up an error returned from the provider's callback. That omniauth-facebook didn't do this (and instead crashed out with :no_authorization_code) is deviating from that spec. Fixing that isn't changing the expected behaviour between omniauth and its consumers, since the expected spec was already to do the updated behaviour.

This is an externally observable behavior change, but that is true of any bug fix. I don’t think it’s reasonable to say that every bug fix is a backward-incompatible change because some inputs are no longer mishandled. (At some level, every change is an XKCD spacebar heater!)

@kevingriffin
Copy link

kevingriffin commented Jun 6, 2022

Was any testing done on this to work out if it'd be possible to get it in?

@molfar
Copy link

molfar commented Sep 18, 2022

Why is this PR is not merged?

@simi
Copy link
Owner

simi commented Sep 18, 2022

It is not clear to me how to release (per #309 (comment)).

Would be major bump enough?

@kevingriffin
Copy link

kevingriffin commented Sep 19, 2022

As @chrisandreae commented, although it is introducing a change, the change is to remove a crash. Perhaps someone is relying on the crash, if it doesn’t seem like it’s necessarily a major bump to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

pinned

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

NoAuthorizationCodeError when user cancels authorization with FB

5 participants

@thefloweringash @kevingriffin @simi @chrisandreae @molfar