Use base 64 encoding instead of uri encoding of state param for yahoo #658
@MrSwitch could you please take a look at the changes?
Hi @arushi364 That logic should be defined in the yahoo module. As such I can't merge this as is.
@MrSwitch Thanks for replying back. I tried changing the encoding in the login function. But, once the state param is base 64 encoded in the yahoo login function, the code in hello.js tries to again uri encode it after stringifying the state. The base 64 encoded state does not change when uri encoded, but the problem here is JSON.stringify results in adding quotes in the state param which is eventually converted to %22, which makes yahoo unhappy. State param in yahoo login function: base64_encoded_string. This is the code which does the transition and is executed after the provider.login function is executed: `// Convert state to a string`. Any suggestions on how I can avoid adding quotes here so that no uri encoded characters are added in the state?
@MrSwitch Wondering if you got a chance to look at my previous comment? Could you please advise with the next step? We really need to fix this library so that we can consume this for talking to Yahoo.
Can you create a property like Also to make it easier to merge:
Thank you 👍
Thanks @MrSwitch. Just wanted to confirm, to create a new property provider.oauth.base64State, I would need to update the HelloJSOAuthDef in this file?
@MrSwitch I have added a new property and updated the test cases. Could you please take a look at the changes?
@MrSwitch Could you please take a look at the PR?
Gentle ping! @MrSwitch
@MrSwitch Could you please take a look at the changes? We are waiting on merging this fix so that we can consume the library for adding a yahoo account in our App. I would highly appreciate it if you could review the changes once.
Looks fantastic
Only change is that individual module handling should not belong in the core, or indeed any reference too. So I've removed the yahoo specific reference from the core tests.
Looks great, thank you for persevering 🙏
Thanks @MrSwitch I have addressed the review comments. Could you please take a look?
LGTM 🎉
# [1.20.0](v1.19.5...v1.20.0) (2023-01-25)

### Features

* **state:** Base64 encoding instead of uri encoding of state param for yahoo ([#658](#658)) ([b196a7b](b196a7b))

🎉 This PR is included in version 1.20.0 🎉
The release is available on:
Your semantic-release bot 📦🚀
@MrSwitch, @arushi364 I have been having problems using this new I have found that, afterwards, in the responseHandler, the "Could not decode state" error is raised, since the base64 encoded state should be decoded again. So, I request reopening this issue in order to complete the fix (I will pass PR).
In PR MrSwitch#658 the property base64_state was added, to force the state param to be base64-encoded instead of URI encoded. That makes the state impossible to decode when the flow returns to the calling page, so we detect if the returned state is in base64 and decode it accordingly if so, first of all.
Yahoo expects base 64 encoding of state param and somehow fails at the consent page if URI encoding is used. This PR intends to change the encoding for Yahoo network. It retains the original behavior for other networks.
For all clients using hellojs for yahoo (not sure if there are any as it seemed busted for yahoo), one will have to base 64 decode the state param before it can be parsed to extract the state param attributes.
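
The encoding issue discussed in this thread, as an added example that is not code from hello.js or from either PR: it shows the URI-encoded and base64-encoded forms of a state object, the quoting that appears when an already-encoded string is stringified again, and a decoder for the callback side that accepts either form. All function names and the sample state are constructed for illustration, and `Buffer` is used so the block runs under Node (a browser would use `btoa`/`atob`).

```javascript
// Added example: helper names are hypothetical, not hello.js APIs.
// Buffer is used so this runs under Node; in a browser use btoa/atob.

// Constructed sample state, similar in shape to what an OAuth client round-trips.
const sampleState = { network: 'yahoo', display: 'popup', callback: '_cb_123' };

// URI-encoded form: JSON punctuation becomes percent escapes (%7B, %22, ...).
function encodeStateUri(state) {
  return encodeURIComponent(JSON.stringify(state));
}

// Base64 form: the JSON is encoded once and carries no quotes.
function encodeStateBase64(state) {
  return Buffer.from(JSON.stringify(state), 'utf8').toString('base64');
}

// The pitfall from the thread: stringifying an already-encoded string wraps
// it in quotes, which then show up as %22 on the wire.
function stringifyTwice(state) {
  return encodeURIComponent(JSON.stringify(encodeStateBase64(state)));
}

// Return the object if text is JSON for a plain object, otherwise null.
function parseObject(text) {
  try {
    const value = JSON.parse(text);
    return value !== null && typeof value === 'object' && !Array.isArray(value) ? value : null;
  } catch (e) {
    return null;
  }
}

// Decode a state value taken from the callback URL after query-string parsing.
// Plain JSON is tried first, then base64-wrapped JSON; anything else is rejected.
function decodeState(raw) {
  const direct = parseObject(raw);
  if (direct) return direct;
  if (/^[A-Za-z0-9+/]+={0,2}$/.test(raw) && raw.length % 4 === 0) {
    const viaBase64 = parseObject(Buffer.from(raw, 'base64').toString('utf8'));
    if (viaBase64) return viaBase64;
  }
  throw new Error('Could not decode state');
}
```

The state value returns through the user's browser, so the decoder accepts only a JSON object and rejects every other input instead of guessing at its encoding.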