When the authorization request is faulty in some way, return an error response: code flow or implicit, depending on response_type. If the error has something to do with the return_uri, return the response to the user, not the RP.
parent
6ee5fb368c
commit
b4d82db3a1
|
@ -292,11 +292,17 @@ class Provider(object):
|
|||
status="400 Bad Request")
|
||||
|
||||
@staticmethod
|
||||
def _redirect_authz_error(error, redirect_uri, descr=None):
|
||||
err = ErrorResponse(error=error)
|
||||
def _redirect_authz_error(error, redirect_uri, descr=None, state="",
|
||||
return_type=None):
|
||||
err = AuthorizationErrorResponse(error=error)
|
||||
if descr:
|
||||
err["error_description"] = descr
|
||||
location = err.request(redirect_uri)
|
||||
if state:
|
||||
err["state"] = state
|
||||
if return_type is None or return_type == ["code"]:
|
||||
location = err.request(redirect_uri)
|
||||
else:
|
||||
location = err.request(redirect_uri, True)
|
||||
return Redirect(location)
|
||||
|
||||
def _verify_redirect_uri(self, areq):
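Review bot: `_redirect_authz_error` redirects to whatever `redirect_uri` it is handed, and nothing in it documents that the caller must already have verified that URI. I would add a docstring stating that precondition and what the second argument in `err.request(redirect_uri, True)` selects (presumably fragment encoding for non-code response types). The test `return_type == ["code"]` matches only that exact one-element list, so a caller passing the plain string `"code"` would silently take the `else` branch. If both shapes can reach this helper, `if return_type in (None, "code", ["code"]):` is more robust.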
|
||||
|
|
|
@ -581,7 +581,18 @@ class Provider(AProvider):
|
|||
areq = self.server.parse_authorization_request(query=request)
|
||||
except MissingRequiredAttribute, err:
|
||||
logger.debug("%s" % err)
|
||||
return self._error("invalid_request", "%s" % err)
|
||||
areq = AuthorizationRequest().deserialize(request, "urlencoded")
|
||||
try:
|
||||
redirect_uri = self.get_redirect_uri(areq)
|
||||
except (RedirectURIError, ParameterError), err:
|
||||
return self._error("invalid_request", "%s" % err)
|
||||
try:
|
||||
_rtype = areq["response_type"]
|
||||
except:
|
||||
_rtype = ["code"]
|
||||
return self._redirect_authz_error("invalid_request", redirect_uri,
|
||||
"%s" % err, areq["state"],
|
||||
_rtype)
|
||||
except KeyError:
|
||||
areq = AuthorizationRequest().deserialize(request, "urlencoded")
|
||||
# verify the redirect_uri
|
||||
|
@ -597,7 +608,7 @@ class Provider(AProvider):
|
|||
|
||||
if not areq:
|
||||
logger.debug("No AuthzRequest")
|
||||
return self._error("invalid_request", "No parsable AuthzRequest")
|
||||
return self._error("invalid_request", "Can not parse AuthzRequest")
|
||||
|
||||
logger.debug("AuthzRequest: %s" % (areq.to_dict(),))
|
||||
try:
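Review bot: `areq["state"]` in the new `_redirect_authz_error(...)` call is read unguarded inside the `except MissingRequiredAttribute` handler, so a request that omits `state` would presumably raise there. The sibling `except KeyError:` clause does not catch exceptions raised from within another handler, so the client would get an unhandled error instead of `invalid_request`. Read it the way `response_type` is read, defaulting to the empty string (`try: _state = areq["state"]` / `except KeyError: _state = ""`), and narrow the bare `except:` around `areq["response_type"]` to `except KeyError:` as well. Because `areq` is deserialized here without the verification that just failed, confirm that `get_redirect_uri` rejects a missing or unknown `client_id` with `RedirectURIError` or `ParameterError`, so that the error redirect can only go to a registered URI. The enclosing method starts and ends outside the hunk.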
|
||||
|
|