Closed jornane closed 3 years ago
When initializing the authorization flow, the app generates a random state (this is correct) but then does not verify this.
The state parameter is generated here: https://github.com/geteduroam/ionic-app/blob/ba6a02fbac1dd8c2644e1a282edd0ebdbf00896e/src/src/providers/geteduroam-services/geteduroam-services.ts#L112
But not checked here: https://github.com/geteduroam/ionic-app/blob/ba6a02fbac1dd8c2644e1a282edd0ebdbf00896e/src/src/pages/oauthFlow/oauthFlow.ts#L131
Additionally, the redirect_url does not verify that token_type is set to Bearer.
token_type
Bearer
Fixed in #55
jornane
commented
3 years ago jornane
commented
3 years ago
When initializing the authorization flow, the app generates a random state (this is correct) but then does not verify this.
The state parameter is generated here: https://github.com/geteduroam/ionic-app/blob/ba6a02fbac1dd8c2644e1a282edd0ebdbf00896e/src/src/providers/geteduroam-services/geteduroam-services.ts#L112
But not checked here: https://github.com/geteduroam/ionic-app/blob/ba6a02fbac1dd8c2644e1a282edd0ebdbf00896e/src/src/pages/oauthFlow/oauthFlow.ts#L131
Additionally, the redirect_url does not verify that
token_typeis set toBearer.