
[Improvement] Better OAuth 2.0 redirect handling

See original GitHub issue

This issue is a result of the discussion happening on #404

Improvement 1 – Also intercept redirects

The current implementation of the auth window only looks at window location changes. So, if the auth form redirects to a URL that then redirects somewhere else, Insomnia will only see the final URL in the chain – the one that ends up getting loaded by the browser window.

It looks like Electron BrowserWindow has an API that allows inspecting redirects directly.

Improvement 2 – Option to enable strict redirect_uri matching (currently the default)

Because of #396, Insomnia makes sure the redirect URL is prefixed with the redirect_uri defined in the OAuth settings. However, this has proved to cause problems for some users. It’s also possible that Improvement 1 will solve this problem instead.

Issue Analytics

  • State: closed
  • Created: 6 years ago
  • Reactions: 6
  • Comments: 13 (4 by maintainers)

Top GitHub Comments

1 reaction
stale[bot] commented, May 3, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

1 reaction
Logifire commented, Dec 9, 2018

I have the issue with the Blizzard API (https://develop.battle.net/documentation/api-reference/oauth-api), it’s my first time trying OAuth, and couldn’t understand where the “code” was. It’s a query parameter of the redirect back to the original site - but Insomnia didn’t show it in the timeline.

Could also be nice showing the URL the preview window is displaying - after redirects, that’s how I figured it out, using a normal browser.

EDIT: I was a bit too fast. I thought this was blocking me, but I didn't use the built-in OAuth 2; I was trying to follow the flow (see link above) with individual requests, and couldn't find the "authorization code".
