Cached `OAuth2` objects aren't reused if their scope changes
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(thunderbird_esr115 unaffected, thunderbird_esr128+ wontfix)
People
(Reporter: darktrojan, Assigned: darktrojan)
Attachments
(4 files)
In bug 1880211 I added a cache for `OAuth2` objects created by `OAuthModule.sys.mjs` to solve a problem with multiple authentication problems appearing for the same account. When checking if a cached object can be reused, the OAuth scopes are only checked for string equality, and this will break if the server grants different scopes from those requested. A cached object should be reused if the scopes it has are a superset of the scopes that are wanted.
Comment 1•2 months ago
Comment 2•2 months ago
Using `isSupersetOf` makes the intention of the code clearer, and hopefully prevents future mistakes.
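The reuse rule from the description and the `isSupersetOf` approach from comment 2, shown side by side with the string comparison. This is an added example, not Thunderbird's code: `findByString`, `findBySuperset`, the `account` field, the scope names and the handling of an empty request are all assumptions made for illustration.

```javascript
// Added example: hypothetical names, not Thunderbird's OAuth2Module code.

// Scope strings are space-delimited and unordered (RFC 6749, section 3.3).
// Empty or whitespace-only input parses to an empty Set, not a Set holding "".
function parseScope(scope) {
  return new Set(String(scope ?? "").split(/\s+/).filter(Boolean));
}

// Uses Set.prototype.isSupersetOf where the runtime has it, else falls back.
function isSuperset(have, want) {
  return typeof have.isSupersetOf === "function"
    ? have.isSupersetOf(want)
    : [...want].every(s => have.has(s));
}

// The flawed comparison: exact string match on the scope.
function findByString(cache, account, wantedScope) {
  return cache.find(o => o.account === account && o.scope === wantedScope) ?? null;
}

// The superset comparison: reuse only if every wanted scope was granted.
function findBySuperset(cache, account, wantedScope) {
  const want = parseScope(wantedScope);
  // Assumption: an empty request matches nothing. The empty set is a subset of
  // every set, so without this guard it would match any cached object.
  if (want.size === 0) return null;
  return cache.find(o => o.account === account &&
                         isSuperset(parseScope(o.scope), want)) ?? null;
}

// Constructed sample data: the server granted more than was requested.
const cache = [
  { account: "alice@example.test", scope: "mail.read mail.send offline_access" },
];
```

A request for a scope the cached object was never granted still misses the cache, so the superset rule widens reuse without handing out a token for access it does not carry.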
Comment 3•2 months ago
Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/4651b592ec50
Test that OAuth2Module correctly saves and restores tokens. r=mkmelin
https://hg.mozilla.org/comm-central/rev/975ed9f251a7
Handle OAuth scopes with Set functions, and fix cache checking. r=mkmelin
https://hg.mozilla.org/comm-central/rev/d7a05df28f55
Add logging to OAuth2Module.sys.mjs. r=mkmelin
Comment 5•2 months ago
Found an edge case, and a bad log message.
Comment 6•2 months ago
Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/6b462bda90c9
Fix what happens if an *.oauth2.scope pref is empty. r=mkmelin
Comment 8•1 month ago
Uplift to 128?
Comment 9•1 month ago
Nope. This depends on six patches ahead of it, which you have experience with, and I've no intention of pushing them to ESR again this side of Christmas, especially while we're deep in other problems on ESR.