Add workaround for Facebook oauth bug to oauth2 package #303

Closed
DartBot opened this issue Jun 5, 2015 · 9 comments · Fixed by dart-archive/oauth2#20
Labels
contributions-welcome Contributions welcome to help resolve this (the resolution is expected to be clear from the issue) package:oauth2 type-enhancement A request for a change that isn't a bug

Comments

@DartBot

DartBot commented Jun 5, 2015

Issue by MaxHorstmann
Originally opened as dart-lang/sdk#12366


Facebook's oauth2 implementation has a bug. It returns the access token as plain text (text/plain) instead of json (application/json).

See e.g. http://stackoverflow.com/questions/3862108/facebook-oauth-access-token-missing

Unfortunately, this breaks the oauth2 package (http://pub.dartlang.org/packages/oauth2) right here: https://code.google.com/p/dart/codesearch#dart/trunk/dart/pkg/oauth2/lib/src/handle_access_token_response.dart&l=37

Ideally Facebook should fix this and return json like the oauth2 spec says, but well, so far they haven't done so.

Since Facebook sign-in is a fairly common use case, my suggestion is to add some flexibility here and handle both a json or plaintext response. The plaintext response string looks like this:

access_token=CAAC9nzmHiUwBAE36sC6fPvDOtlZAFGfoLEfZAcfS2VnEOyo7ZCvckG55tCvzwRQNuSl2unMpFYxxxxxdostdNU38grYyEVSIUe2MhIWXII0ufc380vUc56B6cYAtli153PKuEZA1BT44AoyrtQTc3UT6meZAiO1YZD&expires=5181866

@DartBot
Author

DartBot commented Jun 5, 2015

Comment by MaxHorstmann


Here's how I fixed it locally: https://gist.github.com/MaxHorstmann/6207756

@DartBot
Author

DartBot commented Jun 5, 2015

Comment by anders-sandholm


Removed Type-Defect label.
Added Type-Enhancement, Area-Pkg, Triaged labels.

@DartBot
Author

DartBot commented Jun 5, 2015

Comment by sethladd


Added Pkg-OAuth2, AssumedStale labels.

@DartBot
Author

DartBot commented Jun 5, 2015

Comment by nex3


Added Triaged label.

@DartBot DartBot added the type-enhancement A request for a change that isn't a bug label Jun 5, 2015
@nex3 nex3 added the contributions-welcome Contributions welcome to help resolve this (the resolution is expected to be clear from the issue) label Jun 6, 2015
@nex3
Member

nex3 commented Jun 6, 2015

@MaxHorstmann I'd accept a patch that added support for a text/plain response.

@nex3
Member

nex3 commented Jun 6, 2015

Actually, better would be to add a single flag that enabled all of Facebook's weird noncompliant tweaks (see also #308).

@thosakwe
Contributor

I would be more than happy to submit a PR to resolve this issue. The requirement of a JSON response isn't obeyed by GitHub, either, so it's not possible to access it using this package (yet!).

@nex3
Member

nex3 commented May 15, 2017

@thosakwe A PR would definitely be appreciated!

@thosakwe
Contributor

With the new changes, a response like this:

access_token=CAAC9nzmHiUwBAE36sC6fPvDOtlZAFGfoLEfZAcfS2VnEOyo7ZCvckG55tCvzwRQNuSl2unMpFYxxxxxdostdNU38grYyEVSIUe2MhIWXII0ufc380vUc56B6cYAtli153PKuEZA1BT44AoyrtQTc3UT6meZAiO1YZD&expires=5181866

can be handled like this:

await grant.handleAccessTokenResponse(..., getParameters: (contentType, body) {
  return Uri.splitQueryString(body);
});

@mosuem mosuem transferred this issue from dart-archive/oauth2 Aug 26, 2024
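
One way to accept both response shapes discussed in this thread while still rejecting anything unexpected, as an added example that is not code from the oauth2 package or from any commenter. `parseTokenResponse` is a hypothetical helper, the sample bodies are constructed, and treating the `expires` field from the sample response as `expires_in` is an assumption.

```dart
import 'dart:convert';

/// Hypothetical helper (not part of package:oauth2): turns a token endpoint
/// response into a parameter map, accepting JSON or the form-encoded
/// text/plain body shown in this issue.
Map<String, dynamic> parseTokenResponse(String? contentType, String body) {
  // Compare only the media type; ignore parameters such as "; charset=utf-8".
  final mediaType = (contentType ?? '').split(';').first.trim().toLowerCase();

  Map<String, dynamic> params;
  if (mediaType == 'application/json') {
    final decoded = jsonDecode(body);
    if (decoded is! Map<String, dynamic>) {
      throw const FormatException('token response is not a JSON object');
    }
    params = decoded;
  } else if (mediaType == 'text/plain' ||
      mediaType == 'application/x-www-form-urlencoded') {
    params = Map<String, dynamic>.from(Uri.splitQueryString(body));
    // The sample body uses "expires"; mapping it to expires_in is an assumption.
    if (!params.containsKey('expires_in') && params.containsKey('expires')) {
      params['expires_in'] = params.remove('expires');
    }
  } else {
    // Refuse anything else (for example an HTML error page).
    throw FormatException('unexpected content type "$mediaType"');
  }

  final token = params['access_token'];
  if (token is! String || token.isEmpty) {
    throw const FormatException('token response has no access_token');
  }
  final expiresIn = params['expires_in'];
  if (expiresIn is String) {
    // Form-encoded values are always strings; normalise to an int.
    final seconds = int.tryParse(expiresIn);
    if (seconds == null) throw const FormatException('expires_in is not a number');
    params['expires_in'] = seconds;
  }
  return params;
}

void main() {
  // Constructed sample inputs; the token values are placeholders.
  final plain = parseTokenResponse(
      'text/plain; charset=UTF-8', 'access_token=EXAMPLE_TOKEN&expires=5181866');
  final json = parseTokenResponse('application/json',
      '{"access_token":"EXAMPLE_TOKEN","token_type":"bearer","expires_in":3600}');
  print('${plain['expires_in']} ${json['expires_in']}');
}
```

Dispatching on an allow-list of media types, rather than trying JSON and falling back to query-string parsing, keeps an error page or other unexpected body from being read as a token response.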