Check for ErrorResponse before CSRF

It's possible there's an error that explains why the state token isn't
as expected. It should be fine to report those details before verifying
CSRF.
patrick brisbin 2021-02-26 14:44:10 -05:00
parent 8b3908ec91
commit 23a8148afd
No known key found for this signature in database
GPG Key ID: 20299C6982D938FB

@ -81,8 +81,8 @@ dispatchCallback
-> FetchCreds site
-> m TypedContent
dispatchCallback name oauth2 getToken getCreds = do
csrf <- verifySessionCSRF $ tokenSessionKey name
onErrorResponse $ throwError . OAuth2HandshakeError
csrf <- verifySessionCSRF $ tokenSessionKey name
code <- requireGetParam "code"
manager <- authHttpManager
oauth2' <- withCallbackAndState name oauth2 csrf
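Review bot: with onErrorResponse now ahead of verifySessionCSRF in dispatchCallback, the callback's error parameters are acted on before the state is checked, so a request that never passed the CSRF check can reach the OAuth2HandshakeError path with values of its own choosing. That is reasonable for reporting, as the commit message argues, but the ordering should carry a short comment above onErrorResponse saying it is intentional, so a later cleanup does not move the check back or assume the error details were validated. Whatever renders or logs the OAuth2HandshakeError should treat its contents as untrusted input. It is also worth confirming whether verifySessionCSRF has any session side effect that the early throwError now skips.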