<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>Thanks Justin. I don’t know how the protocol was implemented for this particular application, it wasn’t me. Will contact their technical team.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Luiz</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Justin Richer <<a href="mailto:jricher@mit.edu">jricher@mit.edu</a>><br>
<span style="font-weight:bold">Date: </span>Friday, September 18, 2015 at 1:14 PM<br>
<span style="font-weight:bold">To: </span>Luiz Omori <<a href="mailto:luiz.omori@dm.duke.edu">luiz.omori@dm.duke.edu</a>><br>
<span style="font-weight:bold">Cc: </span>"<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [mitreid-connect] Cannot approve uninitialized authorization request<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
What you’re seeing is cross site scripting protection. The error below happens when the approval page is reached before the authorization page.
<div class=""><br class="">
</div>
<div class="">How are you making the call to the authorization endpoint? You should be opening the system browser.<br class="">
<div class=""><br class="">
</div>
<div class=""> — Justin</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Sep 18, 2015, at 1:05 PM, Luiz Omori <<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">Hi,</div>
<div class=""><br class="">
</div>
<div class="">We are having this error when an Android application tries to perform the OAuth2 Authorization Code flow. Any idea of what could be wrong? The exception seems to be thrown by Spring (<a href="http://docs.spring.io/spring-security/oauth/xref/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.html" class="">http://docs.spring.io/spring-security/oauth/xref/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.html</a>)
but not sure in which layer the problem that triggers it is in. The same application works on iOS but the client libraries could be very distinct.</div>
<div class=""><br class="">
</div>
<div class="">
<div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">2015Sep18 12:53:05,541: INFO : org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint - Handling OAuth2 error: error="invalid_request", error_description="Cannot approve
uninitialized authorization request."</div>
</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class="">Luiz</div>
</div>
_______________________________________________<br class="">
mitreid-connect mailing list<br class="">
<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a><br class="">
<a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a><br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</div>
</span>
</body>
</html>