Sam Schlegel created AIRFLOW-2185:

             Summary: OAuth2 based auth backends include query parameter in 
                 Key: AIRFLOW-2185
             Project: Apache Airflow
          Issue Type: Bug
          Components: authentication
    Affects Versions: 1.9.0
            Reporter: Sam Schlegel
            Assignee: Sam Schlegel

Both the Google OAuth2 and GHE authentication plugins include the `next_url` as 
a query parameter in `redirect_uri`. This breaks at least Google OAuth2, unless 
you include the query parameter in the authorized redirect URI. This isn't the 
most flexible solution, as you would have to do the same for every potential 
next URL.

Instead, the next_url should be passed via state, per [[RFC6749] Section 

This message was sent by Atlassian JIRA

Reply via email to