doorkeeper: native_redirect_uri is not a valid redirect_uri in doorkeeper 4.4.1

Steps to reproduce

After generating a grant token, attempt to get the corresponding access token like the following. The important keys are the grant_type and redirect_uri.

    response = page.driver.post(token_url,
      code: access_grant_token,
      client_id: application.uid,
      client_secret: application.secret,
      redirect_uri: "urn:ietf:wg:oauth:2.0:oob",
      grant_type: "authorization_code"
    )

We happen to be using capybara in this test, but it’s just an HTTP POST.

Expected behavior

With doorkeeper 4.2.6, we get the access code in the response body, as expected.

Actual behavior

With doorkeeper 4.4.1, we get this error: {“error”:“invalid_grant”,“error_description”:“The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.”}

I believe this is happening because this line of code which is in master does not exist in version 4.4.1.

https://github.com/doorkeeper-gem/doorkeeper/blob/master/lib/doorkeeper/oauth/helpers/uri_checker.rb#L6

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 16 (5 by maintainers)

Most upvoted comments

@philkcw released to Rubygems

+3
nbulaj on Aug 20, 2018

Hi @philkcw . Couldn’t say when 5.0.0 will be released, but I’ll merge a native redirect URI fix in a 4.4.2 release. Feel free to use 5.0.0.rc2 if you want to have the latest gem features.

+3
nbulaj on Aug 2, 2018

Unfortunately the fix which has been merged has introduced a different regression. 😢 Stay tuned for more details.

+2
philkcw on Aug 22, 2018

@nbulaj thanks! Looking forward to 4.4.2!

+2
philkcw on Aug 2, 2018

Thanks everyone!

+1
philkcw on Aug 21, 2018
Read more comments on GitHub
← doorkeeper: FactoryBot doesn't see Doorkeeper classes
doorkeeper: rails generate doorkeeper:install failing due to missing configuration →