PHRAS-3765_oauth-parms-in-session (#4153)

PHRAS-3765: fetch parms from session PHRAS-3765 : fix : pass custom parameters as argument (don't try to hack request)
2025-10-16 14:33:14 +00:00 · 2022-10-25 12:27:21 +02:00
parent 43cd154c87
commit c8e575c1e7
2 changed files with 29 additions and 10 deletions
--- a/lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller.php
+++ b/lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller.php
@@ -197,7 +197,17 @@ class OAuth2Controller extends Controller
    {
        $context = new Context(Context::CONTEXT_OAUTH2_NATIVE);
        $provider = $this->findProvider($providerId);
-        $params = $this->oAuth2Adapter->getAuthorizationRequestParameters($request);
+
+        /*
+         * some api client (parade) did want to pass parameters into oauth2 callback url
+         * but we prevent this for openid
+         * The parameters can be passed in session, we restore them
+         */
+        $customParms = $this->getSession()->get($provider->getId() . '.parms', []);
+        if(!is_array($customParms)) {
+            $customParms = [];
+        }
+        $params = $this->oAuth2Adapter->getAuthorizationRequestParameters($request, $customParms);

        // triggers what's necessary
        try {