Skip to content

companion: change oauth access token transport method #1668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ifedapoolarewaju merged 1 commit into from
Jun 17, 2019
Merged

companion: change oauth access token transport method #1668

ifedapoolarewaju merged 1 commit into from
Jun 17, 2019

Conversation

@ifedapoolarewaju
Copy link
Contributor

@ifedapoolarewaju ifedapoolarewaju commented Jun 15, 2019

this change prevents us from exposing the provider access_tokens in URLs which could be access in logs or browser history

@goto-bus-stop
Copy link
Contributor

goto-bus-stop commented Jun 16, 2019

to check my understanding, this is for communication between Companion and the OAuth login endpoint?

@ifedapoolarewaju
Copy link
Contributor Author

ifedapoolarewaju commented Jun 16, 2019

this is for communication between Companion and the OAuth login endpoint?

technically, yes. But this is actually used between 2 companion endpoints. One endpoint (this endpoint is in the grant library) receives the token from the OAuth provider, and it passes it to our own callback endpoint by redirecting.

So grant can either pass it down to us via query param, or session.

@goto-bus-stop
Copy link
Contributor

goto-bus-stop commented Jun 16, 2019

Goootcha. that clears it up, thanks for the explanation ✨

arturi
arturi approved these changes Jun 17, 2019
View reviewed changes
Copy link
Contributor

@arturi arturi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally ✅

@ifedapoolarewaju ifedapoolarewaju merged commit bf71260 into master Jun 17, 2019
@goto-bus-stop goto-bus-stop deleted the acess-token-session branch June 17, 2019 15:23
HeavenFox pushed a commit to docsend/uppy that referenced this pull request Jun 27, 2023
@ifedapoolarewaju
Merge pull request transloadit#1668 from transloadit/acess-token-session
f8fdafc 
companion: change oauth access token transport method
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kvz kvz Awaiting requested review from kvz

2 more reviewers

@goto-bus-stop goto-bus-stop goto-bus-stop approved these changes

@arturi arturi arturi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ifedapoolarewaju @goto-bus-stop @arturi