owncloud / oauth2

🔐 Application for using OAuth 2.0 in ownCloud
GNU Affero General Public License v3.0

Client receives code verifier error when the user has never logged in before #320

Closed jnweiger closed 5 months ago

jnweiger commented 2 years ago

Seen with oauth2-0.5.2 on ownCloud 10.8.1 prealpha (daily) Build:2021-11-16T22:03:07+00:00 3e5ae8e8a76638d92d0167dfa3ea306c41d1bf08

On a second attempt, the client can authorize just fine.

jnweiger commented 2 years ago

Similar to https://github.com/owncloud/oauth2/issues/309 - likely a duplicate... -- if so, the issue persists in 0.5.2

jnweiger commented 2 years ago

Reproduced with core 10.9.0-beta1 and client 2.9.2-rc5 and oauth2-0.5.2

jvillafanez commented 2 years ago

> Similar to https://github.com/owncloud/oauth2/issues/309 - likely a duplicate... -- if so, the issue persists in 0.5.2

Same thoughts. It seems related to the "user switch" feature.

As said in the linked ticket, I think it's better to change the button to a "logout" button and let the user restart the process from the client.

Assuming the client doesn't have a browser with a valid ownCloud session, the flow seems to work fairly well even if the user hasn't logged in yet. The only problem is that the "authorization-successful" page should be public. Currently, that page requires the user to be logged in, which is a bit weird. It seems the flow doesn't log in the user / doesn't create a valid session, so ownCloud requires login to access the "authorization-successful" page even though the client already has a valid token and can access ownCloud from that point.