airflow-commits mailing list archives

From "Sam Schlegel (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AIRFLOW-2185) OAuth2 based auth backends include query parameter in redirect_uri
Date Tue, 06 Mar 2018 19:09:00 GMT

     [ https://issues.apache.org/jira/browse/AIRFLOW-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Schlegel updated AIRFLOW-2185:
----------------------------------
    Description: 
Both the Google OAuth2 and GHE authentication plugins include the `next_url` as a query parameter
in `redirect_uri`. This breaks at least Google OAuth2, unless you include the query parameter
in the authorized redirect URI. This isn't the most flexible solution, as you would have to
do the same for every potential next URL.

Instead, the next_url should be passed via state, per [https://tools.ietf.org/html/rfc6749#section-3.1.2]

  was:
Both the Google OAuth2 and GHE authentication plugins include the `next_url` as a query parameter
in `redirect_uri`. This breaks at least Google OAuth2, unless you include the query parameter
in the authorized redirect URI. This isn't the most flexible solution, as you would have to
do the same for every potential next URL.

Instead, the next_url should be passed via state, per [ [RFC6749] Section 3.1.2|[https://tools.ietf.org/html/rfc6749#section-3.1.2|https://tools.ietf.org/html/rfc6749#section-3.1.2]]]


> OAuth2 based auth backends include query parameter in redirect_uri
> ------------------------------------------------------------------
>
>                 Key: AIRFLOW-2185
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2185
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.9.0
>            Reporter: Sam Schlegel
>            Assignee: Sam Schlegel
>            Priority: Major
>
> Both the Google OAuth2 and GHE authentication plugins include the `next_url` as a query
> parameter in `redirect_uri`. This breaks at least Google OAuth2, unless you include the query
> parameter in the authorized redirect URI. This isn't the most flexible solution, as you would
> have to do the same for every potential next URL.
> Instead, the next_url should be passed via state, per [https://tools.ietf.org/html/rfc6749#section-3.1.2]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
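
The approach the issue proposes, sketched as an added example (not part of the original message and not Airflow's code): `redirect_uri` stays a single fixed value and `next_url` travels in `state`. The HMAC signature, the per-session nonce, the same-site path check, and all names, URLs and the `/admin/` default are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Constructed values for illustration; none come from Airflow or the issue.
SECRET_KEY = b"demo-signing-key"
REDIRECT_URI = "https://airflow.example.com/oauth2callback"
AUTHORIZE_URL = "https://idp.example.com/oauth2/auth"

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest())

def make_state(next_url: str, nonce: str) -> str:
    """Pack next_url and a per-session nonce into a signed state value."""
    payload = _b64(json.dumps({"next": next_url, "nonce": nonce}).encode())
    return payload + "." + _sign(payload)

def authorization_url(client_id: str, next_url: str, nonce: str) -> str:
    """redirect_uri is constant, so one registered URI covers every next_url."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "state": make_state(next_url, nonce),
    })

def next_url_from_state(state: str, nonce: str, default: str = "/admin/"):
    """Return the post-login path; None if state is forged or from another session."""
    try:
        payload, sig = state.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        padded = payload + "=" * (-len(payload) % 4)
        data = json.loads(base64.urlsafe_b64decode(padded))
        if not hmac.compare_digest(str(data["nonce"]).encode(), nonce.encode()):
            return None
        target = str(data["next"])
    except (ValueError, KeyError, TypeError):
        return None
    # Only same-site absolute paths are accepted, so the value carried in
    # state cannot send the user to another origin after login.
    if not target.startswith("/") or target.startswith("//") or "\\" in target:
        return default
    return target
```

The callback handler would treat a `None` result as a failed login and discard the authorization code.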
