Allow disabling sending of state parameter

Bug #1449268 reported by Chris Wayne
This bug affects 2 people
Affects                          Status         Importance   Assigned to        Milestone
The Savilerow project            Fix Released   High         Kyle Nitzsche
signon-plugin-oauth2 (Ubuntu)    Fix Released   Undecided    Alberto Mardegan

Bug Description

Some account providers are less-than-compliant when it comes to OAuth, and automatically sending a state parameter causes breakage.
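
The check that the "state" parameter provides, and what a client gives up when it is switched off for a non-compliant provider, as an added Python example. This is not code from signon-plugin-oauth2: the `AuthSession` class and the `disable_state` option are hypothetical names, and the URLs used with it are constructed.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


class AuthSession:
    """One pending OAuth 2.0 authorization request (hypothetical client model)."""

    def __init__(self, auth_endpoint, client_id, redirect_uri, disable_state=False):
        self.auth_endpoint = auth_endpoint
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        # disable_state is a hypothetical per-provider opt-out for providers
        # that break when they receive a "state" parameter.
        self.state = None if disable_state else secrets.token_urlsafe(32)

    def authorization_url(self):
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
        }
        if self.state is not None:
            params["state"] = self.state
        return self.auth_endpoint + "?" + urlencode(params)

    def handle_redirect(self, url):
        """Return the authorization code, or raise ValueError if rejected."""
        query = parse_qs(urlparse(url).query)
        if self.state is not None:
            returned = query.get("state", [""])[0]
            # Constant-time comparison of the echoed value with the one we sent.
            if not hmac.compare_digest(returned.encode(), self.state.encode()):
                raise ValueError("state mismatch: redirect not bound to this request")
        # With state disabled, nothing above ties this redirect to the request
        # that was sent, so any redirect carrying a code is accepted.
        if "code" not in query:
            raise ValueError("no authorization code in redirect")
        return query["code"][0]
```

With the option off, a redirect whose `state` is missing or different is refused; with it on, the same redirect is accepted, which is the CSRF protection being traded for compatibility.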

Alberto Mardegan (mardy)
Changed in signon-plugin-oauth2 (Ubuntu):
assignee: nobody → Alberto Mardegan (mardy)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package signon-plugin-oauth2 - 0.22+15.10.20150603-0ubuntu1

---------------
signon-plugin-oauth2 (0.22+15.10.20150603-0ubuntu1) wily; urgency=medium

  [ Alberto Mardegan ]
  * Merge from upstream
    - Fix unreliable test
    - Disconnect from reply on SSL errors (LP: #1447119)
    - Allow disabling the "state" parameter (LP: #1449268)

signon-plugin-oauth2 (0.22+15.04.20150417-0ubuntu1) vivid; urgency=medium

  [ Alberto Mardegan ]
  * New upstream release
    - Return the list of granted permissions to the client
    - Require Qt5 for building
    - Use a "state" parameter to protect against CSRF (LP: #1432857)

  [ CI Train Bot ]
  * New rebuild forced.

signon-plugin-oauth2 (0.21+15.04.20150327-0ubuntu1) vivid; urgency=medium

  * New rebuild forced.

signon-plugin-oauth2 (0.21+15.04.20150319-0ubuntu1) vivid; urgency=medium

  [ Alberto Mardegan ]
  * Remove dependency on signon-ui (LP: #1362640)

signon-plugin-oauth2 (0.21+15.04.20150128-0ubuntu2) UNRELEASED; urgency=medium

  * Merge from upstream
    - Proceed with the normal authentication if an error occurs when using the
      RefreshToken (LP: #1420934)
    - Remove the unused "type" query parameters which breaks DropBox

signon-plugin-oauth2 (0.21+15.04.20150128-0ubuntu1) vivid; urgency=medium

  [ Alberto Mardegan ]
  * New upstream release
    - Add ForceTokenRefresh flag for forcing a new token
    - OAuth2: implement a fallback mechanism when parsing replies
      (LP: #1415376)
    - Fixes build with -Werror=unused-variable
    - Improve test coverage

signon-plugin-oauth2 (0.20+15.04.20141110-0ubuntu1) vivid; urgency=low

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Alberto Mardegan ]
  * Merge from upstream

signon-plugin-oauth2 (0.20+15.04.20141031-0ubuntu1) vivid; urgency=low

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Alberto Mardegan ]
  * Delay instantiation of QNetworkAccessManager (LP: #1377181)

signon-plugin-oauth2 (0.20+14.10.20140912.1-0ubuntu1) utopic; urgency=medium

  [ Alberto Mardegan ]
  * New upstream release
    - OAuth 2.0: follow the spec more closely, add Vimeo support
    - Tests: increase test coverage

signon-plugin-oauth2 (0.19+14.10.20140513-0ubuntu1) utopic; urgency=low

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Alberto Mardegan ]
  * Do not store invalid expiration times (LP: #1316021)

signon-plugin-oauth2 (0.19+14.10.20140509.2-0ubuntu1) utopic; urgency=low

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Robert Bruce Park ]
  * Correct path in debian/signon-plugin-oauth2.install fixes FTBFS (LP:
    #1317986) (LP: #1317986)

signon-plugin-oauth2 (0.19+14.04.20140305-0ubuntu2) trusty; urgency=medium

  * Build for Architecture:any.

signon-plugin-oauth2 (0.19+14.04.20140305-0ubuntu1) trusty; urgency=low

  [ CI bot ]
  * No change rebuild against Qt 5.2.1.

  [ Ubuntu daily release ]
  * New rebuild forced

signon-plugin-oauth2 (0.19+14.04.20131126.2-0ubuntu1) trusty; urgency=low

  [ Alberto Mardegan ]
  * New upstream release (0.19)
    - OAuth 1.0a: allow oauth_token_secret to be empty.
  * New upstream release (0.18)
    - OAuth2: Allow clients to provide tokens to store...


Changed in signon-plugin-oauth2 (Ubuntu):
status: In Progress → Fix Released
Kyle Nitzsche (knitzsche) wrote :

The "can't log into Instagram" bug 1466232 that was marked a dup of this is not yet fixed.

phablet@ubuntu-phablet:~$ apt-cache policy signon-plugin-oauth2
signon-plugin-oauth2:
  Installed: 0.22+15.04.20150603-0ubuntu1

phablet@ubuntu-phablet:~$ system-image-cli -i
current build number: 49
device name: krillin
channel: ubuntu-touch/rc-proposed/bq-aquaris.en
last update: 2015-06-25 13:01:42
version version: 49
version ubuntu: 20150625
version device: 20150529-8e13c5f
version custom: 20150528-722-29-15-vivid

Alberto Mardegan (mardy) wrote :

The Instagram plugin indeed had the problem which was fixed by this change, so the duplicate status is not totally wrong.

Please file a new bug, providing the syslog.

Yuan-Chen Cheng (ycheng-twn) wrote :

Instagram bug in: LP: #1481082

Changed in savilerow:
assignee: nobody → Kyle Nitzsche (knitzsche)
Yuan-Chen Cheng (ycheng-twn) wrote :

@kyle, please mark this as Fix Released if you also agree that Instagram does not belong here.

Changed in savilerow:
importance: Undecided → High
Changed in savilerow:
status: New → Fix Released