From 135098e06425cf20b60dcdd23c8af8d67aa69385 Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Mon, 30 Dec 2019 09:33:56 -0500 Subject: Bug 1597933 - clean up OAuth2 code: remove responseType which is always code. Response type token is part of the OAuth 2.0 Implicit Flow which is not used in Mail Applications, but also discouraged by the OAuth Working Group: https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead --- mailnews/base/util/OAuth2.jsm | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'mailnews/base/util/OAuth2.jsm') diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm index 94f850e0b..dcbfb428f 100644 --- a/mailnews/base/util/OAuth2.jsm +++ b/mailnews/base/util/OAuth2.jsm @@ -3,7 +3,8 @@ * You can obtain one at http://mozilla.org/MPL/2.0/. */ /** - * Provides OAuth 2.0 authentication + * Provides OAuth 2.0 authentication. + * @see RFC 6749 */ var EXPORTED_SYMBOLS = ["OAuth2"]; @@ -41,8 +42,6 @@ OAuth2.CODE_AUTHORIZATION = "authorization_code"; OAuth2.CODE_REFRESH = "refresh_token"; OAuth2.prototype = { - - responseType: "code", consumerKey: null, consumerSecret: null, completionURI: "http://localhost", @@ -79,7 +78,7 @@ OAuth2.prototype = { requestAuthorization: function requestAuthorization() { let params = [ - ["response_type", this.responseType], + ["response_type", "code"], ["client_id", this.consumerKey], ["redirect_uri", this.completionURI], ]; @@ -173,13 +172,11 @@ OAuth2.prototype = { onAuthorizationReceived: function(aData) { this.log.info("authorization received" + aData); let results = parseURLData(aData); - if (this.responseType == "code" && results.code) { + if (results.code) { this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION); - } else if (this.responseType == "token") { - this.onAccessTokenReceived(JSON.stringify(results)); - } - else + } else { this.onAuthorizationFailed(null, aData); + } }, onAuthorizationFailed: function(aError, aData) { -- cgit v1.2.3