Allow disabling sending of state parameter
Bug #1449268 reported by
Chris Wayne
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
The Savilerow project |
Fix Released
|
High
|
Kyle Nitzsche | ||
signon-plugin-oauth2 (Ubuntu) |
Fix Released
|
Undecided
|
Alberto Mardegan |
Bug Description
Some account providers are less-than-compliant when it comes to OAuth, and automatically sending a state parameter causes breakage
Changed in signon-plugin-oauth2 (Ubuntu): | |
assignee: | nobody → Alberto Mardegan (mardy) |
status: | New → In Progress |
Changed in savilerow: | |
status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package signon- plugin- oauth2 - 0.22+15. 10.20150603- 0ubuntu1
--------------- plugin- oauth2 (0.22+15. 10.20150603- 0ubuntu1) wily; urgency=medium
signon-
[ Alberto Mardegan ]
* Merge from upstream
- Fix unreliable test
- Disconnect from reply on SSL errors (LP: #1447119)
- Allow disabling the "state" parameter (LP: #1449268)
signon- plugin- oauth2 (0.22+15. 04.20150417- 0ubuntu1) vivid; urgency=medium
[ Alberto Mardegan ]
* New upstream release
- Return the list of granted permissions to the client
- Require Qt5 for building
- Use a "state" parameter to protect against CSRF (LP: #1432857)
[ CI Train Bot ]
* New rebuild forced.
signon- plugin- oauth2 (0.21+15. 04.20150327- 0ubuntu1) vivid; urgency=medium
* New rebuild forced.
signon- plugin- oauth2 (0.21+15. 04.20150319- 0ubuntu1) vivid; urgency=medium
[ Alberto Mardegan ]
* Remove dependency on signon-ui (LP: #1362640)
signon- plugin- oauth2 (0.21+15. 04.20150128- 0ubuntu2) UNRELEASED; urgency=medium
* Merge from upstream
- Proceed with the normal authentication if an error occurs when using the
RefreshToken (LP: #1420934)
- Remove the unused "type" query parameters which breaks DropBox
signon- plugin- oauth2 (0.21+15. 04.20150128- 0ubuntu1) vivid; urgency=medium
[ Alberto Mardegan ] unused- variable
* New upstream release
- Add ForceTokenRefresh flag for forcing a new token
- OAuth2: implement a fallback mechanism when parsing replies
(LP: #1415376)
- Fixes build with -Werror=
- Improve test coverage
signon- plugin- oauth2 (0.20+15. 04.20141110- 0ubuntu1) vivid; urgency=low
[ Ubuntu daily release ]
* New rebuild forced
[ Alberto Mardegan ]
* Merge from upstream
signon- plugin- oauth2 (0.20+15. 04.20141031- 0ubuntu1) vivid; urgency=low
[ Ubuntu daily release ]
* New rebuild forced
[ Alberto Mardegan ] anager (LP: #1377181)
* Delay instantiation of QNetworkAccessM
signon- plugin- oauth2 (0.20+14. 10.20140912. 1-0ubuntu1) utopic; urgency=medium
[ Alberto Mardegan ]
* New upstream release
- OAuth 2.0: follow the spec more closely, add Vimeo support
- Tests: increase test coverage
signon- plugin- oauth2 (0.19+14. 10.20140513- 0ubuntu1) utopic; urgency=low
[ Ubuntu daily release ]
* New rebuild forced
[ Alberto Mardegan ]
* Do not store invalid expiration times (LP: #1316021)
signon- plugin- oauth2 (0.19+14. 10.20140509. 2-0ubuntu1) utopic; urgency=low
[ Ubuntu daily release ]
* New rebuild forced
[ Robert Bruce Park ] signon- plugin- oauth2. install fixes FTBFS (LP:
* Correct path in debian/
#1317986) (LP: #1317986)
signon- plugin- oauth2 (0.19+14. 04.20140305- 0ubuntu2) trusty; urgency=medium
* Build for Architecture:any.
signon- plugin- oauth2 (0.19+14. 04.20140305- 0ubuntu1) trusty; urgency=low
[ CI bot ]
* No change rebuild against Qt 5.2.1.
[ Ubuntu daily release ]
* New rebuild forced
signon- plugin- oauth2 (0.19+14. 04.20131126. 2-0ubuntu1) trusty; urgency=low
[ Alberto Mardegan ]
* New upstream release (0.19)
- OAuth 1.0a: allow oauth_token_secret to be empty.
* New upstream release (0.18)
- OAuth2: Allow clients to provide tokens to store...