"Code" being placed before any hash in return URI - breaks ember apps at least


rosele...@gmail.com

Nov 18, 2013, 2:53:56 AM
to rack-...@googlegroups.com
Due to the way that Ruby's URI module works, I think that this line: https://github.com/nov/rack-oauth2/blob/master/lib/rack/oauth2/util.rb#L37 might be behaving somewhat too naively.

If my return URI is on an Ember app, for instance, the URL contains a hash before the end of the path, e.g. "localhost:8000/#/callback/".
Everything after the first "#" is considered part of the URL's "fragment."

Because of this, I get redirected to something like:


The code param gets passed in front of the "#" instead of at the end of the url. Because Ember requires the "#" to perform any routing, and my app is looking for a terminating "?key=value" query string, the form which the URL is directed to somewhat breaks the whole auth flow for me. Would it make sense to add a check for any forward-slashes following the hash, to make this line more supportive of apps that use this type of routing?

Any thoughts?

nov matake

Nov 18, 2013, 3:02:47 AM
to rack-...@googlegroups.com
In such cases, use implicit flow (response_type=token) instead of code flow.
My gem doesn’t explicitly forbid using fragment components in redirect URIs; RFC 6749 doesn’t allow such URIs, though.
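
The fragment rule cited in the reply (RFC 6749 section 3.1.2), as an added example that is not part of the thread and is not rack-oauth2 code: a redirect URI check that rejects fragments and a code-flow redirect builder that keeps any registered query parameters. The helper names `validate_redirect_uri!` and `code_redirect`, the error class, and the sample URIs and code value are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helpers applying RFC 6749 section 3.1.2: the redirection
# endpoint must be an absolute URI and must not include a fragment.
class InvalidRedirectURI < StandardError; end

# Validate a client's redirect_uri at registration or request time.
def validate_redirect_uri!(redirect_uri)
  uri = URI.parse(redirect_uri)
  raise InvalidRedirectURI, "must be an absolute URI" unless uri.absolute? && uri.host
  raise InvalidRedirectURI, "must not include a fragment" if uri.fragment
  uri
rescue URI::InvalidURIError => e
  raise InvalidRedirectURI, e.message
end

# Build the code-flow redirect: response parameters are merged into the
# query component, keeping query parameters that were already registered.
def code_redirect(redirect_uri, params)
  uri = validate_redirect_uri!(redirect_uri)
  existing = URI.decode_www_form(uri.query.to_s)
  uri.query = URI.encode_www_form(existing + params.to_a)
  uri.to_s
end

# Constructed sample inputs; EMBER_STYLE is modelled on the URI in the post.
EMBER_STYLE = "http://localhost:8000/#/callback/"
PLAIN       = "http://localhost:8000/callback?app=ember"

if __FILE__ == $PROGRAM_NAME
  # URI.parse puts everything after the first "#" into the fragment,
  # so the path of the Ember-style URI is just "/".
  parsed = URI.parse(EMBER_STYLE)
  puts "path=#{parsed.path.inspect} fragment=#{parsed.fragment.inspect}"

  puts code_redirect(PLAIN, { "code" => "SAMPLE_CODE", "state" => "xyz" })

  begin
    code_redirect(EMBER_STYLE, { "code" => "SAMPLE_CODE" })
  rescue InvalidRedirectURI => e
    puts "rejected: #{e.message}"
  end
end
```

Rejecting the fragment at client registration surfaces the mismatch before any authorization code is issued, rather than as a broken redirect at the client.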