AuthCodeURL should not include empty values

MrDangerous / goauth2

Automatically exported from code.google.com/p/goauth2

BSD 3-Clause "New" or "Revised" License

0 stars 0 forks source link

AuthCodeURL should not include empty values #41

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Use an oauth.Config that doesn't make use of optional fields like Scope, 
AccessType, or ApprovalPrompt.
2. Call config.AuthCodeURL(foo). Useless parameters are included in the URL.

What is the expected output? What do you see instead?

I expect to see something like this:

https://example.com/auth?client_id=ClientId&redirect_uri=http%3A%2F%2Flocalhost%
3A8080%2Fhandler&response_type=code&state=foo

But instead I see this:

https://example.com/auth?access_type=&approval_prompt=&client_id=ClientId&redire
ct_uri=http%3A%2F%2Flocalhost%3A8080%2Fhandler&response_type=code&scope=&state=f
oo

What version of the product are you using? On what operating system?

Please provide any additional information below.

Original issue reported on code.google.com by griffin...@gmail.com on 26 Aug 2014 at 3:40

GoogleCodeExporter commented 9 years ago

https://codereview.appspot.com/130560044

Original comment by a...@golang.org on 26 Aug 2014 at 8:09

Changed state: Started

GoogleCodeExporter commented 9 years ago

I took a look at your proposed changes and noticed you don't consider scope to 
be an optional parameter, but the client *is* allowed to omit it [1], and that 
seems to me to be the only reasonable behavior for services with no documented 
scope strings. For example, the Harvest API doesn't make any use of it [2].

[1]: http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.3
[2]: https://github.com/harvesthq/api/blob/master/Authentication/OAuth%202.0.md

Original comment by griffin...@gmail.com on 26 Aug 2014 at 3:42

GoogleCodeExporter commented 9 years ago

This issue was closed by revision 80c87b4b6700.

Original comment by a...@golang.org on 27 Aug 2014 at 1:41

Changed state: Fixed

GoogleCodeExporter commented 9 years ago

Thanks for your feedback. I made the scope and redirect uri fields optional too

Original comment by a...@golang.org on 27 Aug 2014 at 4:08

GoogleCodeExporter commented 9 years ago

Thanks, it was a simple issue but I still didn't expect such a quick turnaround 
time!

Original comment by griffin...@gmail.com on 27 Aug 2014 at 6:15