
Change validate_user/validate_grant_type order for Resource Owner Password Grant #643

@JonathanHuot

Description

The flows shown in the dot graph (see #642 (comment)) uncovered an issue in the order of the calls.

Resource Owner Password Grant

validate_grant_type is called AFTER validate_user, which can lead to unexpected behavior depending on the validate_user implementation (e.g. create a session on the IdP side but should be forbidden). For the other flows, validate_grant_type is correctly called BEFORE.

[image]

Since it changes the request validator calling order, it is considered as a breaking change.
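A constructed model of the ordering problem described in this issue (added illustration, not oauthlib's code): a stand-in validator whose validate_user creates an IdP session as a side effect, and two token-endpoint handlers that call the validators in the pre-fix order (validate_user first) and the fixed order (validate_grant_type first). The validator method names and argument lists mirror oauthlib's RequestValidator; everything else (the Client and Request classes, the user table, the error strings) is assumed for the example.

```python
"""Model of the validator call order discussed in issue #643.

Constructed illustration, not oauthlib code: a minimal stand-in for a
RequestValidator whose validate_user has a side effect, plus two handlers
for the Resource Owner Password Credentials grant that differ only in the
order of the validate_grant_type / validate_user calls.
"""
from dataclasses import dataclass


@dataclass
class Client:
    client_id: str
    allowed_grants: set          # grant types this client is allowed to use


@dataclass
class Request:
    client: Client
    grant_type: str
    username: str
    password: str


class SessionValidator:
    """Stand-in validator: validate_user creates an IdP session on success,
    which is exactly the side effect the issue says should never happen for
    a client that is not allowed the password grant."""

    def __init__(self, users):
        self._users = users      # username -> password (constructed data)
        self.sessions = []       # the side effect we want to observe

    def validate_grant_type(self, client_id, grant_type, client, request):
        return grant_type in client.allowed_grants

    def validate_user(self, username, password, client, request):
        if self._users.get(username) != password:
            return False
        self.sessions.append((username, client.client_id))  # session created here
        return True


def password_grant_user_first(validator, request):
    """Pre-fix ordering: validate_user runs before validate_grant_type."""
    c = request.client
    if not validator.validate_user(request.username, request.password, c, request):
        return "invalid_grant"
    if not validator.validate_grant_type(c.client_id, request.grant_type, c, request):
        return "unauthorized_client"
    return "ok"


def password_grant_type_first(validator, request):
    """Fixed ordering: validate_grant_type runs before validate_user, so a
    client that is not allowed the grant is rejected before any user-level
    side effect can happen."""
    c = request.client
    if not validator.validate_grant_type(c.client_id, request.grant_type, c, request):
        return "unauthorized_client"
    if not validator.validate_user(request.username, request.password, c, request):
        return "invalid_grant"
    return "ok"


def run(handler):
    """Run one handler for a client that is NOT allowed the password grant and
    report the error returned plus how many sessions were created."""
    validator = SessionValidator({"alice": "s3cret"})          # constructed user
    client = Client("web-app", allowed_grants={"authorization_code"})
    req = Request(client, "password", "alice", "s3cret")
    result = handler(validator, req)
    return result, len(validator.sessions)


if __name__ == "__main__":
    # Both orders reject the request, but only the pre-fix order has already
    # created a session by the time it does so.
    print("user first:", run(password_grant_user_first))   # ('unauthorized_client', 1)
    print("type first:", run(password_grant_type_first))   # ('unauthorized_client', 0)
```

Both handlers return the same error to the client, so the difference is invisible at the HTTP level; it only shows up in the validator's side effects, which is why a test that checks the response code alone would not catch it.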

Metadata

Assignees

No one assigned

Labels

Breaking (Breaking change, to go in the next major release.)
Bug
OAuth2-Provider (This impacts the provider part of OAuth2)
