authorGaming4JC <g4jc@hyperbola.info>2019-12-30 09:33:56 -0500
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-11 13:43:23 +0100
commit135098e06425cf20b60dcdd23c8af8d67aa69385 (patch)
tree73e71a13e071f8c3bb20d2d7186375fb3e6a9f84
parent1eb19e23097d94864d832993e9ed945affc0af66 (diff)
Bug 1597933 - clean up OAuth2 code: remove responseType which is always code.
Response type "token" is part of the OAuth 2.0 Implicit Flow, which is not used in mail applications and is also discouraged by the OAuth Working Group: https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead
-rw-r--r--mailnews/base/util/OAuth2.jsm15
1 files changed, 6 insertions, 9 deletions
diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
index 94f850e0b..dcbfb428f 100644
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -3,7 +3,8 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
- * Provides OAuth 2.0 authentication
+ * Provides OAuth 2.0 authentication.
+ * @see RFC 6749
*/
var EXPORTED_SYMBOLS = ["OAuth2"];
@@ -41,8 +42,6 @@ OAuth2.CODE_AUTHORIZATION = "authorization_code";
OAuth2.CODE_REFRESH = "refresh_token";
OAuth2.prototype = {
-
- responseType: "code",
consumerKey: null,
consumerSecret: null,
completionURI: "http://localhost",
@@ -79,7 +78,7 @@ OAuth2.prototype = {
requestAuthorization: function requestAuthorization() {
let params = [
- ["response_type", this.responseType],
+ ["response_type", "code"],
["client_id", this.consumerKey],
["redirect_uri", this.completionURI],
];
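Review bot: The `params` list in requestAuthorization shows `response_type`, `client_id` and `redirect_uri` but no `state` value, so unless one is appended later in the function (its body continues outside the hunk), the redirect handled by onAuthorizationReceived cannot be tied to the request that started it (RFC 6749 section 10.12). With the flow now fixed to `code`, this is a good place to add `["state", <per-request random value>],` and to compare it before `results.code` is exchanged. For a client that redirects to `http://localhost`, RFC 8252 also recommends PKCE (RFC 7636) on the same request.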
@@ -173,13 +172,11 @@ OAuth2.prototype = {
onAuthorizationReceived: function(aData) {
this.log.info("authorization received" + aData);
let results = parseURLData(aData);
- if (this.responseType == "code" && results.code) {
+ if (results.code) {
this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION);
- } else if (this.responseType == "token") {
- this.onAccessTokenReceived(JSON.stringify(results));
- }
- else
+ } else {
this.onAuthorizationFailed(null, aData);
+ }
},
onAuthorizationFailed: function(aError, aData) {
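Review bot: The unchanged line `this.log.info("authorization received" + aData);` at the top of onAuthorizationReceived writes the complete redirect data to the log, and on the success path that includes the authorization code which the following lines exchange for tokens. Logging only the outcome, e.g. `this.log.info("authorization received");`, keeps the code out of log files and anything those logs get attached to. If the raw data is needed for debugging, it would be better placed behind a debug-level call with the `code` value masked. onAuthorizationFailed starts on the hunk's last line and continues outside it.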