Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't localize custom errors returned by the userinfo endpoint #12803

Merged
merged 1 commit into from
Nov 22, 2022
Merged

Don't localize custom errors returned by the userinfo endpoint #12803

merged 1 commit into from
Nov 22, 2022

Conversation

kevinchalet
Copy link
Member

@kevinchalet kevinchalet commented Nov 12, 2022
edited
Loading

The OAuth 2.0 specification explicitly requires that errors be composed exclusively of certain US-ASCII characters, which basically prevents localizing them:

image

image

It's an issue we identified and fixed some time ago for the errors returned by AccessController, but not by UserInfoController, that still returns a localized error. E.g in French:

image

@kevinchalet kevinchalet added this to the 1.6 milestone Nov 12, 2022
hishamco
hishamco reviewed Nov 14, 2022
View reviewed changes
src/OrchardCore.Modules/OrchardCore.OpenId/Controllers/UserInfoController.cs
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using OrchardCore.Modules;
using static OpenIddict.Abstractions.OpenIddictConstants;

namespace OrchardCore.OpenId.Controllers
{
// Note: the error descriptions used in this controller are deliberately not localized as
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should move this note before setting the description

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can certainly do that. It's worth noting that AccessController already has the same message at the same place:

OrchardCore/src/OrchardCore.Modules/OrchardCore.OpenId/Controllers/AccessController.cs

Lines 26 to 29 in 18938aa

// Note: the error descriptions used in this controller are deliberately not localized as
// the OAuth 2.0 specification only allows select US-ASCII characters in error_description.
[Authorize, Feature(OpenIdConstants.Features.Server)]
public class AccessController : Controller

If we decide to move it before every returned error, this will result in many copies. Is it fine for you?

@kevinchalet kevinchalet merged commit ffd97f7 into OrchardCMS:main Nov 22, 2022
@kevinchalet kevinchalet deleted the userinfo_error_localization branch November 22, 2022 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hishamco hishamco hishamco left review comments

@Skrypt Skrypt Skrypt approved these changes

Assignees
No one assigned
Labels
bug 🐛 OpenId
Projects
None yet
Milestone
1.6
Development

Successfully merging this pull request may close these issues.
3 participants
@kevinchalet @Skrypt @hishamco