Hi,
I'm just starting to upgrade from the old api, but unfortunately have hit a blocker at the oAuth stage.
When sending a user off to
https://api.assembla.com/authorization to allow the given user to approve access, it is also be possible to send the state param along with the (code and client_id) and this should then be returned to the client along with th
e authorization code when redirecting back to the client
. (If it helps, heres part of the oAuth spec that outlines it
http://tools.ietf.org/html/rfc6749#section-4.1.1 )
There is one instance where this does not work correctly with Assembla:
- If the user has already granted access to the application, the situation with state being returned works fine.
- However if the user is new to the requesting application and is therefore shown the "application is requiring your resource access." page, when the user clicks on 'Allow' and is returned to the client, the state param is not returned with them.
Would you be able to look into this and see if its possible to have this param returned in the second instance too?
Thanks,
Scott