strongloop / loopback-component-oauth2

oAuth 2.0 server for LoopBack
http://www.strongloop.com

Missing the response_type when using decision page in implicit mode #22

Closed wascou closed 8 years ago

wascou commented 9 years ago

When I use the Implicit mode, using the decisionPage options triggers an error:

{
error: "invalid_request",
error_description: "Missing required parameter: response_type"
}

It seems that the following line is missing :

response_type: req.oauth2.req.type,

in the following block code in oauth2-loopback.js

if (options.decisionPage) {
  var urlObj = {
    pathname: options.decisionPage,
    query: {
      response_type: req.oauth2.req.type,
      transactionId: req.oauth2.transactionID,
      userId: req.oauth2.user.id,
      clientId: req.oauth2.client.id,
      scope: req.oauth2.req.scope,
      redirectURI: req.oauth2.redirectURI
    }
  };
  return res.redirect(url.format(urlObj));
}

raymondfeng commented 9 years ago

Your client should send a request to the authorization endpoint as follows:

https://localhost:3001/oauth/authorize?client_id=123&redirect_uri=https://localhost:3001/server-side-app.html&response_type=token&scope=demo&state=123

Please note that the response_type param MUST be token.

wascou commented 9 years ago

Hi,

I tried what you said but got another error: client_id is required. I set it, and then a 'redirect_uri' error popped up. It seems that there is a wrong mapping at this point.

I actually dropped this feature and use the regular decisionView option, which works well.

Thank you.

Max

royklopper commented 9 years ago

If you take the request @raymondfeng posted as an example, you see it requires a client_id in its params. The client_id is the unique identifier of the application you should have created.

wascou commented 9 years ago

Actually, I tested this in the following way:

I got the error on each of the params and it seems that clientId is forwarded instead of _clientid.

I dropped this configuration as it was not working, and I use the dialogView instead and set every parameter I needed.

Thank you for the answer!

Max
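
The naming mismatch reported in this thread, as an added example that is not part of the original issue or of loopback-component-oauth2: the decision-page redirect carries camelCase keys (clientId, redirectURI), while the authorization endpoint reports response_type, client_id and redirect_uri as missing. It assumes the decision page replays its query string to the authorization endpoint; the function names, the `/decision` path and the sample values are hypothetical.

```javascript
// Added example (hypothetical helper names, not the component's API).

// Parameters the thread reports the authorization endpoint rejecting when absent.
const REQUIRED_AUTHZ_PARAMS = ['response_type', 'client_id', 'redirect_uri'];

// Keys used in the decision-page redirect -> names the authorization endpoint expects.
// transactionId and userId are deliberately not mapped: they are not request parameters.
const DECISION_TO_AUTHZ = {
  clientId: 'client_id',
  redirectURI: 'redirect_uri',
  response_type: 'response_type',
  scope: 'scope',
};

// Parse the query of a (possibly relative) URL; the base is only there so
// that a relative decision-page path can be parsed.
function decisionQuery(urlString) {
  return new URL(urlString, 'https://localhost:3001').searchParams;
}

// List the required parameters that are absent or empty in a query.
function missingAuthzParams(params) {
  return REQUIRED_AUTHZ_PARAMS.filter((name) => !params.get(name));
}

// Build the authorization-endpoint query from the decision-page query,
// renaming keys and dropping everything that is not explicitly mapped.
function toAuthzQuery(params) {
  const out = new URLSearchParams();
  for (const [from, to] of Object.entries(DECISION_TO_AUTHZ)) {
    const value = params.get(from);
    if (value) out.set(to, value);
  }
  return out;
}

// Constructed sample: the redirect produced by the block quoted in the issue.
const sampleDecisionUrl =
  '/decision?response_type=token&transactionId=tx1&userId=7' +
  '&clientId=123&scope=demo&redirectURI=' +
  encodeURIComponent('https://localhost:3001/server-side-app.html');

const received = decisionQuery(sampleDecisionUrl);
console.log('missing if replayed as-is:', missingAuthzParams(received));
console.log('after renaming:', toAuthzQuery(received).toString());
```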

richardpringle commented 8 years ago

This looks good to close to me! Please re-open and mention me in a comment if an issue persists.

Cheers