Quite some bugfixes for the google oauth module

  • Removed the hostedDomain parameter as it restricts the allowed login users (see https://developers.google.com/identity/protocols/OpenIDConnect#hd-param)
  • Implemented tbg4 compatibility (persist the session token, set the user to the context, etc.)
  • Encode any caught exceptions prior to setting the message. In my case, the exception message had a single quote, which broke the message display. Should probably be refactored to escape at a central point, like in Context::getMessage() or - which I personally prefer - in the HTML templates. However, there should be a central snippet to avoid code duplication.
  • Fixed an issue where $this->forward('login') causes infinite redirects (e.g. redirects to itself instead of /login)
  • Check $_SESSION entries prior to unsetting, externalized session variable name. When an error occurs during the auth process and oauth2state is not set in the session, we trigger a PHP notice with that, which halts tbg.
