You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Sam Schlegel (JIRA)" <ji...@apache.org> on 2018/03/06 19:07:00 UTC

[jira] [Created] (AIRFLOW-2185) OAuth2 based auth backends include query parameter in redirect_uri

Sam Schlegel created AIRFLOW-2185:
-------------------------------------

             Summary: OAuth2 based auth backends include query parameter in redirect_uri
                 Key: AIRFLOW-2185
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2185
             Project: Apache Airflow
          Issue Type: Bug
          Components: authentication
    Affects Versions: 1.9.0
            Reporter: Sam Schlegel
            Assignee: Sam Schlegel


Both the Google OAuth2 and GHE authentication plugins include the `next_url` as a query parameter in `redirect_uri`. This breaks at least Google OAuth2, unless you include the query parameter in the authorized redirect URI. This isn't the most flexible solution, as you would have to do the same for every potential next URL.

Instead, the next_url should be passed via state, per [[RFC6749] Section 3.1.2|https://tools.ietf.org/html/rfc6749#section-3.1.2]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)