Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem when supplying an erroneous ClientID #17

Open
Gikkman opened this issue Apr 25, 2016 · 1 comment
Open

Problem when supplying an erroneous ClientID #17

Gikkman opened this issue Apr 25, 2016 · 1 comment
Assignees
@urgrue

Comments

@Gikkman
Copy link

Gikkman commented Apr 25, 2016

If you supply a ClientID which doesn't map to a valid ClientID, or if your RedirectURI does not match the registered RedirectURI, it seems like the .awaitAccessToken() command never returns.

I've tried a lot of different techniques for hacking my way around it but I cannot seem to understand the underlying Authorization process. Is it possible to either A) interrupt the awaitAccessToken() (and make it release its resources) or B) make it detect that the ClientID is not valid?
@Gikkman
Copy link
Author

Gikkman commented Apr 27, 2016
edited
Loading

I've found that this problem stems from row 78 in AuthenticationCallbackServer.java. When the .accept()request never sees an incoming connection, it will block indefinitely. In case the ClientID is incorrect, an incoming connection will never occur.

An easy solution would be to add a timeout to the server socket, say about 1-2 minutes. If the user did make a choice within that time, we can assume he will not make on at all.

@urgrue urgrue self-assigned this Jan 19, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@urgrue urgrue

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Gikkman @urgrue