ruby-openid icon indicating copy to clipboard operation
ruby-openid copied to clipboard
verified publisher icon openid

OpenID::OAuth::Response.from_success_response when NS_URI is missing

Open mikeantonelli opened this issue 9 years ago • 2 comments

When an OpenID::Consumer::SuccessResponse does not include OpenID::OAuth::NS_URI, a call to OpenID::OAuth::Response.from_success_response returns an OpenID::OAuth::Response instance with default values for ns_alias and ns_uri and nil values for request_token and scope.

In order to defend against this, I have coded a check:

def oauth_response(openid_response)
  unless openid_response.message.namespaces.get_alias(OpenID::OAuth::NS_URI).blank?
    OpenID::OAuth::Response.from_success_response openid_response
  end
end

Should OpenID::OAuth::Response.from_success_response return nil or raise an error instead of returning an empty object when the NS_URI isn't present in the OpenID::Consumer::SuccessResponse?

mikeantonelli avatar Feb 04 '16 20:02 mikeantonelli

+1

poloka avatar Feb 05 '16 13:02 poloka

That's a good question. I'm not an expert on OAuth, so if anyone wants to chime in on this: Is the response invalid if the ns_uri is missing? Or is there a valid scenario for this?

tobiashm avatar Feb 05 '16 15:02 tobiashm

This repo is being archived. Closing issue.

timcappalli avatar Jul 24 '23 17:07 timcappalli