Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
3.2.7
-
MySQL(i) 5.7.26
PHP version: 7.2.16
Board version: 3.2.7
Description
I have discovered a problem with Oauth...
Turns out that when a user hits the "Reply" button to a topic/post when not logged in, they are redirected to the phpBB login page where they can login in by either entering a username and password manually or by clicking on one of the oauth buttons (if setup in acp). Trouble is, they do not work because the redirect URL is in the following format:
https://domain.com/posting.php?mode=reply&f=9&t=134 |
I think it's because URL's need to be whitelisted in the vendors app and in this instance because the url changes depending on what topic or post the user was viewing at the time they clicked on the "Reply" button it's not possible to whitelist.
This results in an error 500 on twitter, facebook throws this:
https://www.phpbb.com/community/download/file.php?id=222846&mode=view
Google returns you back to the board to an information page but fails to log you in:
https://www.phpbb.com/community/download/file.php?id=222851&mode=view
Oauth works on the index page, main login page because it uses the following static URL which one can whitelist:
https://domain.com/ucp.php?mode=login |
Same for linking or linking via UCP, Oauth works there because again the URL is static and it can be added to the vendors authorised/whitelist.
More here:
https://www.phpbb.com/community/viewtopic.php?f=556&t=2511596