Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: quay-v3.7.0
Affects Version/s: quay-v3.6.6
Component/s: quay.io
Labels:
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
StoneSoup MVP Support
Git Pull Request:
https://github.com/quay/quay/pull/1292/files

RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

When user is first time requested to authorize oauth

the state parameter is not returned in the callback

There was similar issue https://issues.redhat.com/browse/PROJQUAY-3139, but it seems to be fixed only when user already authorized and is not redirected into "Authorize" page.

I don't know the quay codebase, but it looks like state param is missing here https://github.com/quay/quay/blob/master/endpoints/web.py#L728 so Authorize page does not have it at all and can't send it back to callback.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screenshot 2022-04-22 at 9.07.56.png
33 kB
2022/04/22 7:12 AM
Screenshot 2022-04-22 at 9.08.41.png
30 kB
2022/04/22 7:12 AM

Issue Links

mentioned on

Merge request - Fix oauth code flow when user has not authorized the app (PROJQUAY-3648)

Activity

People

Assignee:: Syed Ahmed

Reporter:: Michal Vala

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2022/04/22 7:14 AM

Updated:: 2023/02/17 6:49 PM

Resolved:: 2022/04/29 5:14 PM