[jira] [Commented] (AIRFLOW-2185) OAuth2 based auth backends include query parameter in redirect_uri

2018-03-19 Thread Sam Schlegel (JIRA)

[ 
https://issues.apache.org/jira/browse/AIRFLOW-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16405265#comment-16405265
 ] 

Sam Schlegel commented on AIRFLOW-2185:
---

[~Fokko] Thanks!

> OAuth2 based auth backends include query parameter in redirect_uri
> --
>
> Key: AIRFLOW-2185
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2185
> Project: Apache Airflow
> Issue Type: Bug
> Components: authentication
> Affects Versions: 1.9.0
> Reporter: Sam Schlegel
> Assignee: Sam Schlegel
> Priority: Major
> Fix For: 2.0.0
>
>
> Both the Google OAuth2 and GHE authentication plugins include the `next_url` 
> as a query parameter in redirect_uri. This breaks at least Google OAuth2, 
> unless you include the query parameter in the authorized redirection URI. 
> This isn't the most flexible solution, as you would have to do the same for 
> every potential next URL, and seems to go against the OAuth2 spec.
> Instead the next_url should be sent via the state parameter which MUST be 
> maintained by all spec compliant OAuth2 implementations, and is not used when 
> comparing redirection URIs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (AIRFLOW-2185) OAuth2 based auth backends include query parameter in redirect_uri

2018-03-15 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/AIRFLOW-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16400052#comment-16400052
 ] 

ASF subversion and git services commented on AIRFLOW-2185:
--

Commit eeca38396015589f767f8836d5d8aa7ac010 in incubator-airflow's branch 
refs/heads/master from [~SamSchlegel]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=eeca383 ]

[AIRFLOW-2185] Use state instead of query param

Both the Google OAuth2 and GHE authentication plugins include the
`next_url` as a query parameter in redirect_uri. This breaks at least
Google OAuth2, unless you include the query parameter in the
authorized redirection URI. This isn't the most flexible solution, as you
would have to do the same for every potential next URL, and seems to
go against the OAuth2 spec.

Instead the next_url should be sent via the state parameter which MUST
be maintained by all spec compliant OAuth2 implementations, and is not
used when comparing redirection URIs.

Closes #3103 from samschlegel/AIRFLOW-2185


> OAuth2 based auth backends include query parameter in redirect_uri
> --
>
> Key: AIRFLOW-2185
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2185
> Project: Apache Airflow
> Issue Type: Bug
> Components: authentication
> Affects Versions: 1.9.0
> Reporter: Sam Schlegel
> Assignee: Sam Schlegel
> Priority: Major
> Fix For: 2.0.0
>
>
> Both the Google OAuth2 and GHE authentication plugins include the `next_url` 
> as a query parameter in redirect_uri. This breaks at least Google OAuth2, 
> unless you include the query parameter in the authorized redirection URI. 
> This isn't the most flexible solution, as you would have to do the same for 
> every potential next URL, and seems to go against the OAuth2 spec.
> Instead the next_url should be sent via the state parameter which MUST be 
> maintained by all spec compliant OAuth2 implementations, and is not used when 
> comparing redirection URIs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
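
An added illustration of the change this thread describes, not the code from the Airflow commit or pull request: redirect_uri stays fixed so it matches the registered value exactly, and next_url travels in state. The endpoint, client id, key and helper names are constructed, and the HMAC tag and local-path check are an assumed hardening that goes beyond what the thread states.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode, urlsplit

# All names and values below are constructed for illustration.
REGISTERED_REDIRECT_URI = "https://airflow.example.com/oauth2callback"
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"
STATE_KEY = b"constructed-demo-key"  # assumption: per-deployment secret


def redirect_uri_matches(candidate):
    """Exact string comparison, as a strict provider does for registered URIs."""
    return candidate == REGISTERED_REDIRECT_URI


def encode_state(next_url):
    """Pack next_url into an opaque, HMAC-protected state value."""
    payload = base64.urlsafe_b64encode(json.dumps({"next": next_url}).encode())
    tag = hmac.new(STATE_KEY, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + tag


def decode_state(state, default="/"):
    """Return next_url from state, or default if it is tampered or off-site."""
    payload, _, tag = state.partition(".")
    expected = hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return default
    next_url = json.loads(base64.urlsafe_b64decode(payload)).get("next", default)
    parts = urlsplit(next_url)
    # Only follow local paths, so the login flow cannot bounce off-site.
    if parts.scheme or parts.netloc or not next_url.startswith("/"):
        return default
    return next_url


def build_authorize_url(next_url):
    """Authorization request with a fixed redirect_uri; next_url rides in state."""
    query = urlencode({
        "response_type": "code",
        "client_id": "constructed-client-id",
        "redirect_uri": REGISTERED_REDIRECT_URI,
        "state": encode_state(next_url),
    })
    return AUTHORIZE_ENDPOINT + "?" + query
```

Appending `?next=...` to redirect_uri, as the plugins did before the fix, makes `redirect_uri_matches` return False for every next URL that was not registered separately.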


[jira] [Commented] (AIRFLOW-2185) OAuth2 based auth backends include query parameter in redirect_uri

2018-03-06 Thread Sam Schlegel (JIRA)

[ 
https://issues.apache.org/jira/browse/AIRFLOW-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388401#comment-16388401
 ] 

Sam Schlegel commented on AIRFLOW-2185:
---

Fix available in https://github.com/apache/incubator-airflow/pull/3103

> OAuth2 based auth backends include query parameter in redirect_uri
> --
>
> Key: AIRFLOW-2185
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2185
> Project: Apache Airflow
> Issue Type: Bug
> Components: authentication
> Affects Versions: 1.9.0
> Reporter: Sam Schlegel
> Assignee: Sam Schlegel
> Priority: Major
>
> Both the Google OAuth2 and GHE authentication plugins include the `next_url` 
> as a query parameter in redirect_uri. This breaks at least Google OAuth2, 
> unless you include the query parameter in the authorized redirection URI. 
> This isn't the most flexible solution, as you would have to do the same for 
> every potential next URL, and seems to go against the OAuth2 spec.
> Instead the next_url should be sent via the state parameter which MUST be 
> maintained by all spec compliant OAuth2 implementations, and is not used when 
> comparing redirection URIs.


