Issue 245 in accounts-sso: OAuth OAuth2 web_server authorization url has an extra parameter "type" that breaks Dropbox.


accoun...@googlecode.com

Feb 9, 2015, 12:11:52 AM
to accounts-...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 245 by bobo1993...@gmail.com: OAuth OAuth2 web_server
authorization url has an extra parameter "type" that breaks Dropbox.
https://code.google.com/p/accounts-sso/issues/detail?id=245

I quite know how accounts-sso works. I use Ubuntu Online Account and the
authorization url it generates doesn't work for Dropbox.

The url it generates for authorization is
https://www.dropbox.com/1/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost&type=web_server&response_type=token&client_id=2n3x34hh0g822al.
And the Dropbox API rejects it, saying it has an unknown parameter "type".

I know it's Dropbox's problem as it should ignore unknown parameters. But is
it possible to remove the type=web_server parameter in the authorization url?

Sorry that I don't know how to use and debug accounts-sso. Here is how I
found this issue on Ubuntu phone

What steps will reproduce the problem?
1. configuration

<group name="auth">
  <setting name="method">oauth2</setting>
  <setting name="mechanism">web_server</setting>
  <group name="oauth2">
    <group name="web_server">
      <setting name="Host">api.dropbox.com</setting>
      <setting name="AuthPath">1/oauth2/authorize</setting>
      <setting name="TokenPath">1/oauth2/token</setting>
      <setting name="ResponseType">token</setting>
      <setting name="RedirectUri">http://localhost</setting>
      <setting name="ClientId">2n3x34hh0g822al</setting>
      <setting type="as" name="AllowedSchemes">['https']</setting>
    </group>
  </group>
</group>


The url it generates for authorization is
https://www.dropbox.com/1/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost&type=web_server&response_type=token&client_id=2n3x34hh0g822al.
And the Dropbox API rejects it, saying it has an unknown parameter "type".

2.
3.

What is the expected output? What do you see instead?
The authorization url should not have the "type=web_server" parameter

What version of the product are you using? On what operating system?
Ubuntu 15.04 (r91)

Please provide any additional information below.



--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

accoun...@googlecode.com

Feb 9, 2015, 3:39:50 AM
to accounts-...@googlegroups.com

Comment #1 on issue 245 by alex.kan...@gmail.com: OAuth OAuth2 web_server
authorization url has an extra parameter "type" that breaks Dropbox.
https://code.google.com/p/accounts-sso/issues/detail?id=245

The type parameter was specified in early drafts of the OAuth2 RFC (it was
removed in draft 9). Apparently the Qt oauth2 plugin was never updated to the
final version of the specification :)

gsso on the other hand strictly follows the final RFC.
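A check for the problem discussed in this thread, as an added example that is not part of the issue report or of accounts-sso: it audits an authorization URL against the request parameters RFC 6749 defines for the authorization endpoint (sections 4.1.1 and 4.2.1) and returns the URL with everything else removed. The function name, the finding labels and the `extra_allowed` parameter are assumptions made for this example; the sample URL is the one quoted in the issue.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Authorization-request parameters defined by RFC 6749, sections 4.1.1 and 4.2.1.
RFC6749_AUTHZ_PARAMS = {"response_type", "client_id", "redirect_uri", "scope", "state"}
# Parameters left over from pre-final drafts; "type" is the one named in the thread.
DRAFT_ERA_PARAMS = {"type"}

# URL quoted in the issue report.
SAMPLE_URL = ("https://www.dropbox.com/1/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost"
              "&type=web_server&response_type=token&client_id=2n3x34hh0g822al")


def audit_authorization_url(url, extra_allowed=()):
    """Return (findings, cleaned_url) for an OAuth2 authorization URL.

    findings is a list of (kind, parameter_name) tuples. extra_allowed names
    provider-specific extension parameters that should be kept (hypothetical knob).
    """
    parts = urlsplit(url)
    allowed = RFC6749_AUTHZ_PARAMS | set(extra_allowed)
    findings, kept, seen = [], [], set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in seen:
            # RFC 6749 section 3.1: parameters must not be included more than once.
            findings.append(("duplicate", name))
            continue
        seen.add(name)
        if name in allowed:
            kept.append((name, value))
        elif name in DRAFT_ERA_PARAMS:
            findings.append(("draft-era", name))
        else:
            findings.append(("unknown", name))
    # Both grant types that use the authorization endpoint require these two.
    for required in ("response_type", "client_id"):
        if required not in seen:
            findings.append(("missing", required))
    cleaned = urlunsplit(parts._replace(query=urlencode(kept)))
    return findings, cleaned


if __name__ == "__main__":
    issues, fixed = audit_authorization_url(SAMPLE_URL)
    print(issues)
    print(fixed)
```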