summaryrefslogtreecommitdiff
path: root/mailnews
diff options
context:
space:
mode:
authorGaming4JC <g4jc@hyperbola.info>2019-12-30 09:33:56 -0500
committerGaming4JC <g4jc@hyperbola.info>2019-12-30 20:29:25 -0500
commit3dae851d2135e2b321754a544a5a82cf155a3936 (patch)
treee46292d84b9c286d4753e733b9b809f48e8d4b40 /mailnews
parenta4ab8fd190102e4773ec3399b5281e8eeef04eae (diff)
downloaduxp-3dae851d2135e2b321754a544a5a82cf155a3936.tar.gz
Bug 1597933 - clean up OAuth2 code: remove responseType which is always code.
Response type token is part of the OAuth 2.0 Implicit Flow which is not used in Mail Applications, but also discouraged by the OAuth Working Group: https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead
Diffstat (limited to 'mailnews')
-rw-r--r--mailnews/base/util/OAuth2.jsm15
1 files changed, 6 insertions, 9 deletions
diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
index 94f850e0be..dcbfb428fe 100644
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -3,7 +3,8 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
- * Provides OAuth 2.0 authentication
+ * Provides OAuth 2.0 authentication.
+ * @see RFC 6749
*/
var EXPORTED_SYMBOLS = ["OAuth2"];
@@ -41,8 +42,6 @@ OAuth2.CODE_AUTHORIZATION = "authorization_code";
OAuth2.CODE_REFRESH = "refresh_token";
OAuth2.prototype = {
-
- responseType: "code",
consumerKey: null,
consumerSecret: null,
completionURI: "http://localhost",
@@ -79,7 +78,7 @@ OAuth2.prototype = {
requestAuthorization: function requestAuthorization() {
let params = [
- ["response_type", this.responseType],
+ ["response_type", "code"],
["client_id", this.consumerKey],
["redirect_uri", this.completionURI],
];
@@ -173,13 +172,11 @@ OAuth2.prototype = {
onAuthorizationReceived: function(aData) {
this.log.info("authorization received" + aData);
let results = parseURLData(aData);
- if (this.responseType == "code" && results.code) {
+ if (results.code) {
this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION);
- } else if (this.responseType == "token") {
- this.onAccessTokenReceived(JSON.stringify(results));
- }
- else
+ } else {
this.onAuthorizationFailed(null, aData);
+ }
},
onAuthorizationFailed: function(aError, aData) {