Problem with “code” url request

  • Resolved Tii

    (@tii)


    2 years ago

    in the file class-mo-oauth-widget.php on line 340, the if has isset($_REQUEST[‘code’]) as one of the condition to get into it.
    Unfortunatly, this is causing problem with one of my other custom made plugin who is sending out links with a “code” request in it.
    Would it be possible to review this condition and maybe add one more condition to it in order to avoid breaking all links that would have a “code” request in it ?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi,

    Thank you for reaching out to us.

    As per the standard SSO protocols like OAuth 2.0 and OpenID connect 1.0, in the authorization code grant, the code parameter was sent as a response from the Identity provider in the $_REQUEST, you can check the details in the RFC specifications. That’s why we cannot modify the condition as we are receiving the response from IDP and our plugin has to catch that response for further processing. But we can add a check to handle the request coming from your custom code.

    You can share your request format, the parameter required along with code, so we can add a check in our plugin for that. You can send us a query from the support form inside the plugin. We will be happy to help you.

    Thanks,

    Thread Starter Tii

    (@tii)

    I have no problem with you testing the response, the problem is that there is just a simple condition that is isset($_REQUEST[‘code’]) with non of your context or route it should be tested on, meaning that anybody who would use a ‘code’ request parameter would crash his website!

    The should be a condition like

    (isset($_REQUEST[‘code’]) && inMiniOrangeWidgetContext())

    in order to avoid this

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Problem with “code” url request’ is closed to new replies.