Updated by Oliver Günther over 5 years ago
OAuth redirects to the URL as specified in the app. However, the post to that URL is not allowed if the user already granted access. This is due to the fact that the very first form, the login in that case, did not have the CSP form-action set to the redirect URLs.
**Steps to reproduce**
1. Create OAuth app locally with [`https://oauthdebugger.com/debug`](https://oauthdebugger.com/debug) as redirect\_uri
2. Set up [https://oauthdebugger.com/debug](https://oauthdebugger.com/debug) in Chrome and do the first auth
3. Log out from OpenProject
4. Redo auth, get to log in form
5. Log in, observe console log
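The check below is an added example, not OpenProject's own code: it models the report's cause by applying the login page's `form-action` to every URL in the redirect chain after the login post, and shows the policy with the registered redirect origin appended. The local host, port, paths, helper names and sample policy are constructed assumptions, and source matching is simplified to `'none'`, `'self'` and exact origins.

```ruby
require "uri"

# Origin (scheme://host[:port]) of a URL; default ports are omitted.
def origin_of(url)
  u = URI.parse(url)
  port = u.port == u.default_port ? "" : ":#{u.port}"
  "#{u.scheme}://#{u.host}#{port}"
end

# Source list of the form-action directive, or nil when the directive is
# absent (form-action does not fall back to default-src).
def form_action_sources(csp)
  csp.split(";").map(&:split).each do |name, *sources|
    return sources if name&.downcase == "form-action"
  end
  nil
end

# Simplified source matching: 'none', 'self' and exact origins only.
def allowed_by_form_action?(csp, page_url, target_url)
  sources = form_action_sources(csp)
  return true if sources.nil?
  sources.any? do |src|
    next false if src == "'none'"
    allowed = src == "'self'" ? origin_of(page_url) : origin_of(src)
    allowed == origin_of(target_url)
  end
end

# First URL in the chain (form target, then each redirect) the policy rejects.
def first_blocked_hop(csp, page_url, hops)
  hops.find { |hop| !allowed_by_form_action?(csp, page_url, hop) }
end

# Append the origins of the registered redirect URIs to form-action.
def csp_with_redirect_origins(csp, redirect_uris)
  extra = redirect_uris.map { |uri| origin_of(uri) }.uniq
  csp.split(";").map(&:strip).map do |directive|
    directive.downcase.start_with?("form-action") ? [directive, *extra].join(" ") : directive
  end.join("; ")
end

# Constructed sample: local host, port and paths are assumptions.
LOGIN_URL = "http://localhost:3000/login"
LOGIN_CSP = "default-src 'self'; form-action 'self'"
HOPS = [LOGIN_URL,
        "http://localhost:3000/oauth/authorize?client_id=PLACEHOLDER",
        "https://oauthdebugger.com/debug?code=PLACEHOLDER"]
puts "blocked: #{first_blocked_hop(LOGIN_CSP, LOGIN_URL, HOPS)}"
```
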