
fix: Migrate away from /userinfo

1 unresolved thread

Resolves #25 (closed)

Merged by Zachary Sabourin 1 year ago (Jun 29, 2023 6:02pm UTC)

Merge details

Pipeline #19129 passed

Pipeline passed for 1a81dc82 on main

Activity

55 62
56 63 DrupalOAuthData tokenStatus = oauthService.validateTokenStatus(token, validScopes.get(),
57 64 validClientIds.get());
58 if (tokenStatus != null) {
59 65
60 // Set token data into context
61 requestContext.setProperty(RequestContextPropertyNames.TOKEN_STATUS, tokenStatus);
66 // The incoming token must have a user associated with it.
67 if (tokenStatus == null || tokenStatus.getUserId() == null) {
68 throw new FinalForbiddenException("Invalid user credentials");
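Review bot: The new guard on line 67 folds two different failures into a single 403 with the message "Invalid user credentials": `tokenStatus == null` (the token did not pass `validateTokenStatus`) and `tokenStatus.getUserId() == null` (a token that validated but has no user attached). Consider separating the two, for example an unauthorized-style error for the null status and `FinalForbiddenException` only for the user-less token, or at least logging which branch fired, so clients and log reviewers can tell a rejected token from an anonymous one. Also, the removed `requestContext.setProperty(RequestContextPropertyNames.TOKEN_STATUS, tokenStatus)` call does not reappear in the visible lines; if later filters or resources read that property, confirm it is still set once the check passes. A one-line comment stating that every endpoint rejects tokens without a user would document the inversion of the old `if (tokenStatus != null)` condition.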
  • Just checking, but all endpoints require auth for this API? This is an inversion of what was here before and I want to be sure that is intended

  • Yup! The behavior is the same. All endpoints are authenticated.

    It didn't need to explicitly deny the user since it would spit out any auth errors from /userinfo. Since I'm relying on the user search, I'm just denying any anonymous tokens

  • Martin Lowe approved this merge request


  • Zachary Sabourin mentioned in commit 1a81dc82
