[mitreid-connect] Cannot approve uninitialized authorization request

Justin Richer jricher at mit.edu
Fri Sep 18 13:22:27 EDT 2015 

You might want to check out how we did it as a proof of concept on the MIT Mobile app last summer:

https://github.com/MIT-Mobile/MIT-Mobile-for-Android/blob/22dcb8b8c8e8f8526a0fe8bd0b9045da15f83747/src/edu/mit/mitmobile2/OpenIDConnectHelper.java <https://github.com/MIT-Mobile/MIT-Mobile-for-Android/blob/22dcb8b8c8e8f8526a0fe8bd0b9045da15f83747/src/edu/mit/mitmobile2/OpenIDConnectHelper.java>

It’s not polished but it did function well enough.

 — Justin


> On Sep 18, 2015, at 1:19 PM, Luiz Omori <luiz.omori at duke.edu> wrote:
> 
> Thanks Justin. I don’t know how the protocol was implemented for this particular application, it wasn’t me. Will contact their technical team.
> 
> Regards,
> Luiz
> 
> From: Justin Richer <jricher at mit.edu <mailto:jricher at mit.edu>>
> Date: Friday, September 18, 2015 at 1:14 PM
> To: Luiz Omori <luiz.omori at dm.duke.edu <mailto:luiz.omori at dm.duke.edu>>
> Cc: "mitreid-connect at mit.edu <mailto:mitreid-connect at mit.edu>" <mitreid-connect at mit.edu <mailto:mitreid-connect at mit.edu>>
> Subject: Re: [mitreid-connect] Cannot approve uninitialized authorization request
> 
> What you’re seeing is cross site scripting protection. The error below happens when the approval page is reached before the authorization page.
> 
> How are you making the call to the authorization endpoint? You should be opening the system browser.
> 
>  — Justin
> 
>> On Sep 18, 2015, at 1:05 PM, Luiz Omori <luiz.omori at duke.edu <mailto:luiz.omori at duke.edu>> wrote:
>> 
>> Hi,
>> 
>> We are having this error when an Android application tries to perform the OAuth2 Authorization Code flow. Any idea of what could be wrong? The exception seems to be thrown by Spring (http://docs.spring.io/spring-security/oauth/xref/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.html <http://docs.spring.io/spring-security/oauth/xref/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.html>) but not sure in which layer the problem that triggers it is in.  The same application works on iOS but the client libraries could be very distinct.
>> 
>> 2015Sep18 12:53:05,541: INFO : org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint - Handling OAuth2 error: error="invalid_request", error_description="Cannot approve uninitialized authorization request."
>> 
>> Regards,
>> Luiz
>> _______________________________________________
>> mitreid-connect mailing list
>> mitreid-connect at mit.edu <mailto:mitreid-connect at mit.edu>
>> http://mailman.mit.edu/mailman/listinfo/mitreid-connect <http://mailman.mit.edu/mailman/listinfo/mitreid-connect>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150918/38c5755c/attachment.html

More information about the mitreid-connect mailing list