songkick / oauth2-provider

Simple OAuth 2.0 provider toolkit
MIT License
526 stars 146 forks source link

Infinite query loop when attempt to grant_access to same client for same user subsequently #86

Closed priyaaank closed 7 years ago

priyaaank commented 9 years ago

I am still exploring both oauth and oauth2-provider currently. In my specific use case, I have a login with facebook on mobile app side. I intend to use assertions, since they seem to be the most relevant way to login the user using facebook credentials.

I have noticed that if a user grants access to an app once again, which has a valid token existing, the frameworks get into an infinite loop.

For example I create a resource owner User model and App as the Client. A simple query like below in irb shell will show you, then when it is fired twice one after other, the second one results in an infinite query loop.

User.first.grant_access!(Songkick::OAuth2::Model::Client.first, :response_type => "token")

I intend to return an access token from the authorization object. But should I put explicit checks before calling this code that a valid token exist or not. Moreoever looks like we store only the hash of access_token in database, so I can't return client that for sure. Should I expire that explicitly and create a new one to return?

If those checks are needed on application part then it is ok, however I want to make sure that they are needed.

priyaaank commented 9 years ago

Upon more investigation figured out that problem is fixed here: 323536f4fbd8dd5281744ab04288889cb9440aad

Before helpers were introduced the query to check the count of tokens was always returning true. This must be due to activerecord version issue. So I guess, once I have helpers available, this would be fixed automatically.

Any idea, when this would be released. As it seems to be there on master but not in the current latest version of the gem. Which is 0.10.2

jivdhaliwal commented 7 years ago

v0.10.3 was just released and includes the changes you mentioned.

priyaaank commented 7 years ago

Thanks!