Bug 1597933 - clean up OAuth2 code: remove responseType which is always "code". r=Fallen
authorMagnus Melin <mkmelin+mozilla@iki.fi>
Thu, 21 Nov 2019 10:39:22 +0200
changeset 37584 4c34261831ce476d943f4c25cebdd2aa8101da8c
parent 37583 318755e67909cb43c91f2179b258d868c1e1909d
child 37585 ff646df746848ce1be66849629e62acf3892b5a3
push id396
push userclokep@gmail.com
push dateMon, 06 Jan 2020 23:11:57 +0000
reviewersFallen
bugs1597933
Bug 1597933 - clean up OAuth2 code: remove responseType which is always "code". r=Fallen Response type "token" is part of the OAuth 2.0 Implicit Flow, which is not used in Thunderbird and is also discouraged by the OAuth Working Group: https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead
mailnews/base/util/OAuth2.jsm
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -1,14 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /**
- * Provides OAuth 2.0 authentication
+ * Provides OAuth 2.0 authentication.
+ * @see RFC 6749
  */
 var EXPORTED_SYMBOLS = ["OAuth2"];
 
 const { httpRequest } = ChromeUtils.import("resource://gre/modules/Http.jsm");
 const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
 const { Log4Moz } = ChromeUtils.import("resource:///modules/gloda/log4moz.js");
 
 function parseURLData(aData) {
@@ -36,17 +37,16 @@ function OAuth2(aBaseURI, aScope, aAppKe
 
   this.log = Log4Moz.getConfiguredLogger("TBOAuth");
 }
 
 OAuth2.CODE_AUTHORIZATION = "authorization_code";
 OAuth2.CODE_REFRESH = "refresh_token";
 
 OAuth2.prototype = {
-  responseType: "code",
   consumerKey: null,
   consumerSecret: null,
   completionURI: "http://localhost",
   requestWindowURI: "chrome://messenger/content/browserRequest.xul",
   requestWindowFeatures: "chrome,private,centerscreen,width=980,height=750",
   requestWindowTitle: "",
   scope: null,
 
@@ -72,17 +72,17 @@ OAuth2.prototype = {
         return;
       }
       this.requestAuthorization();
     }
   },
 
   requestAuthorization() {
     let params = [
-      ["response_type", this.responseType],
+      ["response_type", "code"],
       ["client_id", this.consumerKey],
       ["redirect_uri", this.completionURI],
     ];
     // The scope can be optional.
     if (this.scope) {
       params.push(["scope", this.scope]);
     }
 
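Review bot: The `params` list in `requestAuthorization()` carries no `state` value in the visible lines, and `onAuthorizationReceived()` later in this patch exchanges any returned `code` without comparing one. RFC 6749 section 10.12 recommends binding the authorization request to its response this way. The function continues outside this hunk, so if the remainder does not add it, consider pushing a per-request random `state` pair here and checking it before the code is exchanged. Now that the response type is a literal, a comment such as `// Authorization code grant only (RFC 6749 section 4.1).` above the `response_type` entry would also record why no other value is supported.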
@@ -181,20 +181,18 @@ OAuth2.prototype = {
       this._browserRequest._listener._cleanUp();
     }
     delete this._browserRequest;
   },
 
   onAuthorizationReceived(aData) {
     this.log.info("authorization received" + aData);
     let results = parseURLData(aData);
-    if (this.responseType == "code" && results.code) {
+    if (results.code) {
       this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION);
-    } else if (this.responseType == "token") {
-      this.onAccessTokenReceived(JSON.stringify(results));
     } else {
       this.onAuthorizationFailed(null, aData);
     }
   },
 
   onAuthorizationFailed(aError, aData) {
     this.connectFailureCallback(aData);
   },
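Review bot: `this.log.info("authorization received" + aData);` at the top of `onAuthorizationReceived()` writes the full redirect data to the `TBOAuth` logger at info level, and that data includes the authorization code whenever `results.code` is set. This commit simplifies the branch below but leaves that line as it is. Logging only the outcome after parsing, for example `this.log.info("authorization received, code present: " + !!results.code);`, keeps the credential out of log files and bug-report attachments. The same applies to `aData` being handed to `connectFailureCallback` if callers log it, which cannot be confirmed from this hunk.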