Package: ruby-doorkeeper / 5.5.0-2+deb12u1

Metadata

Package: ruby-doorkeeper
Version: 5.5.0-2+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch: 0001 Block public clients automatic authorization skip.patch

File delta:
app/controllers/doorkeeper/authorizations_controller.rb | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

Description:

 block public clients automatic authorization skip

Non-confidential applications should not be able to skip the authorization stop, even if they have an existing matching_token.

From the [issue](https://github.com/doorkeeper-gem/doorkeeper/issues/1589):
> According to RFC 8252 section 8.6, the authentication server should re-prompt for user consent, since the client's identity cannot be assured simply from the client_id parameter

Fixes https://github.com/doorkeeper-gem/doorkeeper/issues/1589