ncsa / oa4mp

Open Authorization for MyProxy
https://oa4mp.org/
Other
8 stars 10 forks source link

Tomact as an authorization server broken #187

Closed jjg-123 closed 3 months ago

jjg-123 commented 6 months ago

Using Tomcat as the auth server is broken for both device flow and standard auth code flow. Mostly this has need been tested in some time and got left behind by evolution. In particular, there is also no consent screen for device flow if the user already has logged in.

Also, device flow should run the handlers at the appropriate time in this case and it is not.

jjg-123 commented 6 months ago

Brian Bockelman observed this in https://github.com/ncsa/oa4mp/issues/181.