Andrew Dodson
Andrew Dodson
The oauth-proxy is already doing CORS polyfills for other networks. Git can merge any branch into MrSwitch/master so however you want to manage it. Thanks
@Rah1x did you create a PR?
@newtonapple that's great I just did a rudimentary test, i found an issue with the state parameter character limit, i.e. this wont work > https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9cjVDdHlDaGtrbldJJmQ9WVdrOVYyZFhSWE4yTm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1jOA--&response_type=token&redirect_uri=http%3A%2F%2Flocal.knarly.com%2Fhello.js%2Fredirect.html&display=popup&state=%7B%22client_id%22%3A%22dj0yJmk9cjVDdHlDaGtrbldJJmQ9WVdrOVYyZFhSWE4yTm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1jOA--%22%2C%22network%22%3A%22yahoo%22%2C%22display%22%3A%22popup%22%2C%22callback%22%3A%22_hellojs_22urf8xp%22%2C%22state%22%3A%22%22%2C%22redirect_uri%22%3A%22http%3A%2F%2Flocal.knarly.com%2Fhello.js%2Fredirect.html%22%7D but this will > https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9cjVDdHlDaGtrbldJJmQ9WVdrOVYyZFhSWE4yTm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1jOA--&response_type=token&redirect_uri=http%3A%2F%2Flocal.knarly.com%2Fhello.js%2Fredirect.html&display=popup&state=%7B%22client_id%22%3A%22dj0yJmk9cjVDdHlDaGtrbldJJmQ9WVdrOVYyZFhSWE4yTm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1jOA--%22%2C%22network%22%3A%22yahoo%22%2C%22display%22%3A%22popup%22%2C%22callback%22%3A%22_hellojs_22urf8xp%22...
[Yahoo OAuth2 Migration Branch](https://github.com/MrSwitch/hello.js/tree/hello-yahoo-oauth2)
Yet another critical issue with yahoo's OAuth2 state parameter... The state field is formatted such that the encoded double quote character ("), aka (%22) is converted to a plus (+)...
@mikelewis i'm waiting for Yahoo to respond to the bug report. The state data could be saved in alternative ways, but i'm hoping yahoo will fix this soon.
@sahat can you shed light on this Auth issue with Yahoo OAuth2? (and keep your impressive 559 days streak on Github going :+1: )
No response from my bug report at https://hackerone.com/yahoo?. If we all retweeet https://twitter.com/setData/status/580215026771881986 perhaps Yahoo Developer Network might get on this thread.
Thanks @saurabhsahni
@ratheeshkannan Yahoo seems to have gone quiet on this one.