Conflict with Nextend Social login

  • Anonymous User 15325940

    (@anonymized-15325940)


    2 years, 10 months ago

    I tried to contact the developer by email ([email protected]), but the email address does not work.

    Maybe you can fix it. What caused the error:

    In the init() function, this is how they decide whether they should run their codes ( that trigger the redirects ) or not:

    if (isset($_GET[‘code’])) {…}

    and this is not enough, as the ‘code’ parameter is used by almost every other plugins / theme that handles the communication with the OAuth2 protocol.

    So every time somebody starts an OAuth request and receives a response with the ‘code’, this “Mastodon Autopost” plugin will start run its codes and trigger a redirect, so they break the OAuth flow of everybody.

    They should only run these codes, if the request was actually made by them. For example, by also checking the “loginSocial” GET parameter that is put into the URL of the requests

Viewing 1 replies (of 1 total)
  • Plugin Author Simon Frey

    (@l1am0)

    Tried to add that loginSocial that you proposed, but don’t see that query parameter in the url. Sadly only the “?code=” is present.

Viewing 1 replies (of 1 total)
  • The topic ‘Conflict with Nextend Social login’ is closed to new replies.