Skip Menu |

This queue is for tickets about the LWP-Authen-OAuth2 CPAN distribution.

Report information
The Basics
Id: 100485
Status: open
Priority: 0/
Queue: LWP-Authen-OAuth2
People
Owner: Nobody in particular
Requestors: jhpyle [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu Nov 20 22:05:29 2014 jhpyle [...] gmail.com - Ticket created
Subject: LWP::Authen::OAuth2::ServiceProvider::collect_action_params() erases defaults in non-strict mode
Date: Thu, 20 Nov 2014 22:05:19 -0500
To: bug-LWP-Authen-OAuth2 [...] rt.cpan.org
From: Jonathan Pyle <jhpyle [...] gmail.com>
In LWP::Authen::OAuth2::ServiceProvider::collect_action_params(), if is_strict is false, defaults get overwritten. I wasn't able to use refresh tokens with Google when is_strict was false, but it worked fine when is_strict was true. The refresh attempt failed because no grant_type was being submitted in the post_to_token_endpoint request. In collect_action_params(), the original %$default may contain a key with a definition, but then any required or optional parameters that are not defined in oauth2_args will generate a key with an undefined value, which will overwrite the value in %$default and cause the keys to be deleted from the result hash. Maybe this is intentional, but I got the sense from the documentation of is_strict that using is_strict = false would not overwrite a default defined in the code.
  Tue Nov 25 04:38:10 2014 domm [...] cpan.org - Correspondence added
On Thu Nov 20 22:05:29 2014, jhpyle@gmail.com wrote: Show quoted text
> In LWP::Authen::OAuth2::ServiceProvider::collect_action_params(), if > is_strict is false, defaults get overwritten.
Hm, I've just taken over this module, and don't have a very good (any?) understanding of the internals (which, frankly, seem a bit overengineered) So if you have time and knowledge to come up with a patch that fixes that issues (esp. if the behaviour then matches the docs), I'm very happy to apply it. Alternatively, I could take a look, but I'm afraid this will take some time, as we're currently not using refresh tokens. So I'm not sure I can divert some work time to this issue, and my OpenSource time is rather limited at the moment.. Thanks for the feedback! Greetings, domm
  Tue Nov 25 04:38:10 2014 The RT System itself - Status changed from 'new' to 'open'