Loosely detect the grant URL #23

@MrSwitch

The grant URL needs to be verified by the proxy server, so it doesn't send credentials to a bad apple. However, the Grant URL may change and an update in HelloJS could leave the proxy server out of sync. The result will mean that clients will receive an exception when trying to log in via OAuth2 Explicit Grant flow.

There are currently pending tasks related to updating the Auth URLs:

  • Update Google Grant URL MrSwitch/helo.js#451
  • Update LinkedIn URL's MrSwitch/helo.js#487

Solutions

  • Test the origin of the grant_url, not the whole thing. This would solve LinkedIn's update.
  • Preprogram the correct grant_urls for the service, pass a key from the client.
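
The two proposed solutions combined, as an added example that is not part of the original issue or of the proxy's own code: the client passes a service key, and the proxy compares only the origin of `grant_url` against a preprogrammed list for that key. `GRANT_ORIGINS`, `checkGrantUrl`, the listed origins and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration with hypothetical names; not the proxy's actual code.
// Preprogrammed grant origins, keyed by the service name the client passes.
// The entries are sample values for illustration.
const GRANT_ORIGINS = {
  google: ['https://accounts.google.com', 'https://oauth2.googleapis.com'],
  linkedin: ['https://www.linkedin.com'],
};

// Decide whether the proxy may send client credentials to grantUrl.
// Only scheme + host + port (the origin) is compared, so a provider can
// change the path of its token endpoint without breaking the proxy.
function checkGrantUrl(service, grantUrl) {
  // hasOwnProperty stops keys such as "constructor" resolving via the prototype.
  if (!Object.prototype.hasOwnProperty.call(GRANT_ORIGINS, service)) {
    return { ok: false, reason: 'unknown service' };
  }
  let url;
  try {
    url = new URL(grantUrl); // WHATWG parser: same host parsing the HTTP client uses
  } catch (err) {
    return { ok: false, reason: 'unparseable url' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'not https' };
  // "https://trusted-host@other-host/" has other-host as its real host.
  if (url.username || url.password) return { ok: false, reason: 'userinfo present' };
  if (!GRANT_ORIGINS[service].includes(url.origin)) {
    return { ok: false, reason: 'origin not allowed' };
  }
  return { ok: true, reason: 'origin allowed' };
}

// Constructed sample requests: [service key, grant_url].
const SAMPLES = [
  ['linkedin', 'https://www.linkedin.com/uas/oauth2/accessToken'],
  ['linkedin', 'https://www.linkedin.com/oauth/v2/accessToken'], // path changed, origin did not
  ['linkedin', 'https://www.linkedin.com.proxy-test.example/oauth/v2/accessToken'],
  ['linkedin', 'https://www.linkedin.com@proxy-test.example/oauth/v2/accessToken'],
  ['linkedin', 'http://www.linkedin.com/oauth/v2/accessToken'],
  ['google', 'https://www.linkedin.com/oauth/v2/accessToken'], // right URL, wrong service key
];

for (const [service, grantUrl] of SAMPLES) {
  const { ok, reason } = checkGrantUrl(service, grantUrl);
  console.log(`${ok ? 'ALLOW' : 'DENY '} ${service} ${grantUrl} (${reason})`);
}
```

Comparing the parsed `origin` rather than a string prefix is what keeps look-alike hosts and userinfo tricks out while still tolerating a path change.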
