KorAP / Kalamar

:octopus: Mojolicious-based Frontend for KorAP
BSD 2-Clause "Simplified" License

"Not authenticated" appears with "Scope required" error #192

Closed margaretha closed 1 year ago

margaretha commented 1 year ago

When sending an authorization request without scope, Kalamar throws a "not authenticated" error.

Example request:

https://korap.ids-mannheim.de/instance/test/settings/oauth/authorize?client_id=client_id&redirect_uri=redirect_urit&response_type=code&state=ZMwDGTZ2RY


Akron commented 1 year ago

Only when the user is not authenticated ... right?

Akron commented 1 year ago

We discussed this topic in Slack. I don't think the user should be encouraged to log in, when a wrong and potentially malicious authorization request is done. To avoid this error message, the user should be led to the start page, in case it is not logged in. When logged in, the settings page is fine and may help to check already granted authorizations.
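The handling proposed in the last comment, sketched as an added example (not Kalamar's code, which is Perl/Mojolicious): validate the authorization request before any login prompt, and only show the errors to a user who is already logged in. The function names, the action labels and the list of mandatory parameters are assumptions; the thread only confirms that a missing scope is rejected.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: parameters treated as mandatory in this sketch. The thread only
# confirms that a request without scope is rejected ("Scope required").
REQUIRED = ("client_id", "redirect_uri", "response_type", "scope")

# The example request from the issue (no scope parameter).
EXAMPLE = ("https://korap.ids-mannheim.de/instance/test/settings/oauth/authorize"
           "?client_id=client_id&redirect_uri=redirect_urit"
           "&response_type=code&state=ZMwDGTZ2RY")


def validate_authorize_request(url):
    """Return the problems found in the query string of an authorization request."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in REQUIRED:
        values = query.get(name, [])
        # RFC 6749 section 3.1: parameters must not be included more than once.
        if len(values) != 1 or not values[0].strip():
            problems.append(f"missing or repeated parameter: {name}")
    return problems


def decide(url, logged_in):
    """Pick the response for an authorization request (hypothetical action labels)."""
    problems = validate_authorize_request(url)
    if problems and not logged_in:
        # Invalid request, anonymous user: go to the start page with no login
        # prompt and no "not authenticated" notice.
        return {"action": "start_page", "messages": []}
    if problems:
        # Invalid request, logged-in user: the settings page can show the errors
        # next to the authorizations already granted.
        return {"action": "settings_page", "messages": problems}
    if not logged_in:
        # Assumption: a well-formed request from an anonymous user may ask for login.
        return {"action": "login", "messages": []}
    return {"action": "consent", "messages": []}


if __name__ == "__main__":
    print(decide(EXAMPLE, logged_in=False))
    print(decide(EXAMPLE, logged_in=True))
```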