Skip to content

feat: for expired challenges return HTTP 410 and redirect url#3802

Open
terev wants to merge 1 commit intoory:masterfrom
terev:expired-challenge-redir
Open

feat: for expired challenges return HTTP 410 and redirect url#3802
terev wants to merge 1 commit intoory:masterfrom
terev:expired-challenge-redir

Conversation

@terev
Copy link
Contributor

@terev terev commented Jul 21, 2024

Return HTTP 410 and initial auth url for consent app to redirect user agent to when an expired challenge is supplied. This implements the same mechanism provided for consent apps to handle previously utilized challenges #2473 .

BREAKING CHANGES: This patch changes the response status code for expired challenges from 401 to 410. It also changes the schema of the response from fosite.RFC6749Error to flow.OAuth2RedirectTo.

Related issue(s)

Closes #3772

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

@terev terev requested review from aeneasr, alnr and hperl as code owners July 21, 2024 18:32
@terev terev changed the title feat: return HTTP 410 and initial auth url for consent app to redirect user agent feat: for expired challenges return HTTP 410 and redirect url Jul 24, 2024
@terev
feat: return HTTP 410 and initial auth url for consent app to redirec…
783d954 
…t the user agent to when an expired challenge is supplied
@terev terev force-pushed the expired-challenge-redir branch from 4441c17 to 783d954 Compare July 25, 2024 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

@hperl hperl Awaiting requested review from hperl

@alnr alnr Awaiting requested review from alnr

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Expired Login/Consent Challenge Should be Resolvable for Consent App

1 participant

@terev