Check for ErrorResponse before CSRF

It's possible there's an error that explains why the state token isn't
as expected. It should be fine to report those details before verifying
CSRF.
patrick brisbin 2021-02-26 14:44:10 -05:00
parent ab17f214eb
commit b71ae8f60d

@ -81,8 +81,8 @@ dispatchCallback
-> FetchCreds site
-> m TypedContent
dispatchCallback name oauth2 getToken getCreds = do
csrf <- verifySessionCSRF $ tokenSessionKey name
onErrorResponse $ throwError . OAuth2HandshakeError
csrf <- verifySessionCSRF $ tokenSessionKey name
code <- requireGetParam "code"
manager <- authHttpManager
oauth2' <- withCallbackAndState name oauth2 csrf
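Review bot: In dispatchCallback, onErrorResponse now runs ahead of verifySessionCSRF, so the OAuth2HandshakeError is raised from a callback whose state has not yet been checked against the session. Whatever onErrorResponse reads from the request may come from a caller who never started this login flow, so anything that renders or logs the error should treat its contents as untrusted input (escape it, bound its length). A short comment above the onErrorResponse line stating that the ordering is deliberate and that the error details are unverified would keep a later change from assuming otherwise. It is also worth confirming whether the value stored under tokenSessionKey name should still be cleared when the handler exits through throwError, since verifySessionCSRF is no longer reached on that path.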