node-oauth-shim

Loosely detect the grant URL

Open MrSwitch opened this issue 9 years ago • 0 comments

The grant URL needs to be verified by the proxy server, so it doesn't send credentials to a bad apple. However, the grant URL may change, and an update in HelloJS could leave the proxy server out of sync. The result will mean that clients will receive an exception when trying to log in via the OAuth2 Explicit Grant flow.

There are currently pending tasks related to updating the Auth URLs:

  • Update Google Grant URL MrSwitch/helo.js#451
  • Update LinkedIn URL's MrSwitch/helo.js#487

Solutions

  • Test the origin of the grant_url, not the whole thing. This would solve LinkedIn's update.
  • Preprogram the correct grant_urls for the service, and pass a key from the client.

MrSwitch, Apr 20 '17 22:04
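
An added example, not part of the original issue and not node-oauth-shim's own code: one way to combine the two proposed solutions, looking up the allowed grant origins by a service key from the client and comparing only the parsed origin of `grant_url`. The service keys, origins, and the `checkGrantUrl` name are constructed for illustration.

```javascript
// Added example: not node-oauth-shim code. Service keys and origins are constructed.
const GRANT_ORIGINS = {
  example_a: ['https://auth.example.com'],
  example_b: ['https://login.example.org', 'https://api.example.org'],
};

// Decide whether the proxy may POST client credentials to grantUrl.
// Only the origin (scheme + host + port) is compared, so a provider can
// change the token path without the proxy falling out of sync.
function checkGrantUrl(service, grantUrl) {
  // Own-property lookup so keys like "constructor" never resolve.
  if (!Object.prototype.hasOwnProperty.call(GRANT_ORIGINS, service)) {
    return { ok: false, reason: 'unknown service' };
  }
  let url;
  try {
    url = new URL(grantUrl); // WHATWG parser: lowercases host, drops default port
  } catch (e) {
    return { ok: false, reason: 'unparseable url' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not https' };
  }
  // "https://auth.example.com@other.test/" has host other.test; reject userinfo outright.
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'userinfo present' };
  }
  // Exact origin equality, never startsWith/includes on the raw string.
  if (!GRANT_ORIGINS[service].includes(url.origin)) {
    return { ok: false, reason: 'origin not allowed' };
  }
  return { ok: true, reason: 'origin allowed' };
}
```

Matching on origin trusts every path on an allowed host, so the list should contain only hosts dedicated to the provider's OAuth endpoints.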