search

aliev / aioauth

Asynchronous OAuth 2.0 provider for Python 3
https://aliev.me/aioauth
MIT License
214 stars 19 forks source link

Return most /authorize errors as a redirect #71

Closed mgorven closed 1 year ago

mgorven commented 1 year ago

The spec defines that most errors to /authorize should be returned to the redirect URI with error and error_description query params:

If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the query component of the redirection URI using the
"application/x-www-form-urlencoded" format, per Appendix B:

Add InvalidRedirectURIError and use InvalidClientError for all client_id errors since these should not redirect. Update catch_errors_and_unavailability to optionally return errors as redirects.

codecov-commenter commented 1 year ago

Codecov Report

Merging #71 (54682ab) into master (ac311d9) will decrease coverage by 0.29%. The diff coverage is 95.12%.

:mega: This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##           master      #71      +/-   ##
==========================================
- Coverage   99.66%   99.38%   -0.29%     
==========================================
  Files          14       14              
  Lines         602      650      +48     
  Branches       86       96      +10     
==========================================
+ Hits          600      646      +46     
- Misses          1        2       +1     
- Partials        1        2       +1
Impacted Files Coverage Δ
aioauth/utils.py 97.77% <93.10%> (-2.23%) :arrow_down:
aioauth/errors.py 100.00% <100.00%> (ø)
aioauth/grant_type.py 97.50% <100.00%> (ø)
aioauth/response_type.py 100.00% <100.00%> (ø)
aioauth/server.py 100.00% <100.00%> (ø)
aioauth/config.py 100.00% <0.00%> (ø)
aioauth/models.py 100.00% <0.00%> (ø)

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

aliev commented 1 year ago

Hi @mgorven ! Thank you for your great catch and your PRs. I'll take a look at them today.