Comments (12)
snowcrash-arin
commented on May 28, 2024
To add more details, running convert_token a second time with a different backend token doesn't yield the same result. The issue only happens when running for the second time with the same backend token.
from drf-social-oauth2.
fahedmahidi
commented on May 28, 2024
To add even more details : the second request fails.
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
Guys, you are clearly not reading the docs. This package has almost 12k downloads a month. Surely I have misconfigured the settings.
from drf-social-oauth2.
snowcrash-arin
commented on May 28, 2024
@wagnerdelima Can you provide details on which settings were misconfigured and confirm if you were able to replicate the issue? Just fyi, this behavior happens not only from curl, but also on the DRF API page.
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
@snowcrash-arin that's my concern exactly. I was not able to replicate the issue.
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
@fahedmahidi @snowcrash-arin FYI:
I completely misread this issue. In your instructions, you added "Run curl with -i parameter(-i shows header contents)". Yes, it will add the headers in the response because you are passing -i:
from drf-social-oauth2.
snowcrash-arin
commented on May 28, 2024
@fahedmahidi @snowcrash-arin FYI: I completely misread this issue. In your instructions, you added "Run curl with -i parameter(-i shows header contents)". Yes, it will add the headers in the response because you are passing -i:
If you look at the screenshot, it shows user environments, not just the headers, which is security concern. Additionally, I made note of the fact that this issue is occurring on the DRF API page.
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
@snowcrash-arin what do you mean by "DRF API page"?
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
I am investigating this issue @snowcrash-arin. So far I have got no clue on how to solve it. Any ideas will be welcome.
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
@snowcrash-arin @fahedmahidi I believe this is fixed now. Please retest it with the latest published version 2.1.1.
Also, check the newly published readthedocs page: https://drf-social-oauth2.readthedocs.io/en/latest/
from drf-social-oauth2.
snowcrash-arin
commented on May 28, 2024
Thanks @wagnerdelima! I'll test it and let you know sometime this month. I stopped working on it due to the security concern.
from drf-social-oauth2.
wagnerdelima
commented on May 28, 2024
@snowcrash-arin please do! Let me know :)
from drf-social-oauth2.
Related Issues (20)
- Add Documentation for invalidate-refresh-tokens url
- Create ReadTheDocs Documentation
- Custom Payload for the JWT tokens HOT 1
- convert-token return access_denied in facebook backend HOT 3
- Authorization backend function do_auth called twice HOT 1
- 500 Character limit exceeded HOT 2
- "error": "access_denied", "error_description": "Your credentials aren't allowed" HOT 4
- Apparently any token valid by Google Auth, even if generated by another CLIENT_ID is accepting it, is that correct? HOT 1
- "token": [ "Ensure this field has no more than 500 characters." ] } HOT 1
- Competing Authentication Tokens when using multiple devices HOT 1
- PLEASE STOP SPAMMING EMAILS
- dupe
- Lack of clarity in documentation about exposing the "Client Secret" for Social Apps
- I am getting this weird bug while making a post request on auth/convert-token
- Process of authentication
- [Question] How to use the convert token logic inside Django? HOT 6
- Invalid Client Error
- 2000 character limit exceeded using convert token endpoint HOT 1
- Error access_denied: Your credentials aren't allowed
- "name 'IntegrityError' is not defined"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from drf-social-oauth2.