diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-08-16 12:38:22 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-08-16 12:38:22 +0300 |
commit | a2fa0e9ed35da83e4e6a2c4f5282473d132e1497 (patch) | |
tree | 4a03c0f020421e85f2f147ce7f15160e7b762a83 /yarns/300-end-user-auth.yarn | |
parent | 371b445213a8d38948b655ce16f5b7ccf9ba6e46 (diff) | |
download | qvisqve-a2fa0e9ed35da83e4e6a2c4f5282473d132e1497.tar.gz |
Fix: add state= parameter to redirect URI after successful auth
Diffstat (limited to 'yarns/300-end-user-auth.yarn')
-rw-r--r-- | yarns/300-end-user-auth.yarn | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn index da79b03..98295fb 100644 --- a/yarns/300-end-user-auth.yarn +++ b/yarns/300-end-user-auth.yarn @@ -149,6 +149,7 @@ browser see it. AND HTTP Location header starts with https://facade/callback? AND HTTP Location header is saved as LOCATION AND authorization code from LOCATION is saved as CODE + AND state from LOCATION is RANDOM The browser follows the redirect to the facade. The facade extracts the authorization code, and uses its own client credentials to |