Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
https://insomnia.rest
Apache License 2.0

OAuth 2 Bug: Grant Code not automatically detected in Redirect URI after successful authentication #3175

Open skywinston opened 3 years ago

skywinston commented 3 years ago

After a successful authorization, the app that we are authenticating into with OAuth2 redirects to the Redirect URI supplied and appends the grant code in the code query string param. Insomnia is not displaying any signs that it has successfully noticed the redirect and grabbed the code from the redirect URI.

Here is a screencast demonstrating the problem. I had to blur out some sensitive info, but it gets the idea across.

https://user-images.githubusercontent.com/700803/110540006-32043480-80e3-11eb-9e78-90f65cafc869.mp4
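The detection step the report describes, as an added example that is not part of the original post and is not Insomnia's code: given the configured Redirect URI and each URL the authorization window navigates to, decide whether the redirect has happened and extract the `code` parameter, checking `state` and the error response on the way. Function names, result fields and sample URLs are assumptions constructed for illustration.

```javascript
// Added example; function and field names are hypothetical, not Insomnia's.
// Decide whether a URL the auth window navigated to is the OAuth 2 redirect,
// and if so pull out the authorization code (RFC 6749 section 4.1.2).

function matchesRedirect(redirectUri, navigated) {
  const want = new URL(redirectUri);
  const got = new URL(navigated);
  // Compare origin and path only: the server appends code/state to the query.
  if (want.origin !== got.origin || want.pathname !== got.pathname) return false;
  // Any query parameters registered on the redirect URI must be preserved.
  for (const [k, v] of want.searchParams) {
    if (got.searchParams.get(k) !== v) return false;
  }
  return true;
}

function parseAuthorizationResponse(redirectUri, navigated, expectedState) {
  if (!matchesRedirect(redirectUri, navigated)) {
    return { status: 'pending' }; // still on the login or consent pages
  }
  const params = new URL(navigated).searchParams;
  if (params.has('error')) {
    return { status: 'error', error: params.get('error'),
             description: params.get('error_description') };
  }
  // Reject responses whose state does not match the one sent (CSRF defence).
  if (expectedState !== undefined && params.get('state') !== expectedState) {
    return { status: 'error', error: 'state_mismatch', description: null };
  }
  const code = params.get('code');
  if (!code) {
    return { status: 'error', error: 'missing_code', description: null };
  }
  return { status: 'ok', code };
}

// Constructed sample values.
const REDIRECT = 'https://client.example/callback?tenant=a';
const SAMPLES = [
  'https://idp.example/login?next=%2Fauthorize',
  'https://client.example/callback?tenant=a&code=SplxlOBeZQQYbYS6WxSbIA&state=xyz',
  'https://client.example/callback?tenant=a&code=abc&state=other',
  'https://client.example/callback?tenant=a&error=access_denied&state=xyz',
];
for (const url of SAMPLES) {
  console.log(url, '->', JSON.stringify(parseAuthorizationResponse(REDIRECT, url, 'xyz')));
}
```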

dimitropoulos commented 3 years ago

Thanks for the report! This seems like it completely breaks the OAuth2 flow in this case. Is that accurate? @skywinston do you know of any workaround?

I tried to make an account for transactiondesk.com but they don't like penguins apparently! haha. (I'm on Linux)

@nijikokun when you are confirming this, you may have more success on mac.

I'm not a mockbin master, but is this possible to simulate using mockbin? https://github.com/Kong/kong-oauth2-hello-world/blob/master/README.md seems to have a similar example

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.