Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59746

OAuth 2: upgrade_token does not urlencode parameters

    XMLWordPrintable

Details

    • MOODLE_33_STABLE, MOODLE_34_STABLE
    • MOODLE_33_STABLE
    • MDL-59746-master
    • Hide

      Test that it works with Nextcloud
      1. Install the owncloud repository plugin (https://github.com/learnweb/moodle-repository_owncloud).
      2. Configure a Nextcloud 12 instance with a Moodle client according to the README of the repository; configure Nextcloud the OAuth 2 service in Moodle accordingly.
      3. Open a file upload dialog somewhere and try logging in to Nextcloud
      4. Verify that you can see the files from your Nextcloud folder

      Test that it still works with other services
      1. Configure an OAuth 2 service, e.g. Google, in Moodle to prepare the googledocs repository
      2. Open a file upload dialog somewhere and try logging in to Google Docs
      3. Verify that you can see the files from your Google Docs folder

      Show
      Test that it works with Nextcloud 1. Install the owncloud repository plugin ( https://github.com/learnweb/moodle-repository_owncloud ). 2. Configure a Nextcloud 12 instance with a Moodle client according to the README of the repository; configure Nextcloud the OAuth 2 service in Moodle accordingly. 3. Open a file upload dialog somewhere and try logging in to Nextcloud 4. Verify that you can see the files from your Nextcloud folder Test that it still works with other services 1. Configure an OAuth 2 service, e.g. Google, in Moodle to prepare the googledocs repository 2. Open a file upload dialog somewhere and try logging in to Google Docs 3. Verify that you can see the files from your Google Docs folder

    Description

      Nextcloud creates authorization codes (grants) as strings of the form +mdDIGjYe8en1p5y7fMI/Vwc3SOgrD5NOmTj40vQTKsffMHXp5ZvQxRIaz4e2a+CtBg3lzj3/QaUpIhl8z0SrzHpI1GSUc8EIr8dvA324B7p54QARCuyU+aEMK3K+Ayw.

      When Moodle upgrades this grant to obtain an access token, it sends this string (and client ID, secret) as-is, taking care only of "&" as a special character. Nextcloud urldecodes this string and replaces all occurrences of + with spaces, thus rendering the token invalid.

       

      Attachments

        Issue Links

          Activity

            People

              jan.dagefoerde Jan Dageförde
              jan.dagefoerde Jan Dageförde
              Jake Dallimore Jake Dallimore
              Andrew Lyons Andrew Lyons
              Ankit Agarwal Ankit Agarwal
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Clockify

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.