Fixed OAuth2 - Undefined array key "host"

stromb0li

Affected version: 2.3.4
Trying to follow public auth flow and am receiving the following error after code challenge completes.

ErrorException: [E_WARNING] Undefined array key "host" src/vendor/lusitanian/oauth/src/OAuth/Common/Http/Uri/Uri.php:88

Code:
Request:
array(4) {
  ["url"] => string(491) "/oauth2/authorize?client_id=redactedint&response_type=code&redirect_uri=moo%3A%2F%2Fauth%2FsignIn&scope=alert%3Aread+read+user%3Aread&code_challenge_method=S256&code_challenge=redacted-readacted"
  ["referrer"] => bool(false)
  ["_GET"] => array(7) {
    ["/oauth2/authorize"] => string(0) ""
    ["client_id"] => string(16) "redactedint"
    ["response_type"] => string(4) "code"
    ["redirect_uri"] => string(17) "moo://auth/signIn"
    ["scope"] => string(260) "alert:read user:read"
    ["code_challenge_method"] => string(4) "S256"
    ["code_challenge"] => string(43) "redacted-readacted"
  }
  ["_POST"] => array(0) {
  }
}
 
Code:
Stack trace
#0 src/vendor/lusitanian/oauth/src/OAuth/Common/Http/Uri/Uri.php(88): XF::handlePhpError(2, '[E_WARNING] Und...', '/var/www/site...', 88)
#1 src/vendor/lusitanian/oauth/src/OAuth/Common/Http/Uri/Uri.php(68): OAuth\Common\Http\Uri\Uri->parseUri('baaah.moo.app:/oa...')
#2 src/XF/Pub/Controller/OAuth2Controller.php(170): OAuth\Common\Http\Uri\Uri->__construct('baaah.moo.app:/oa...')
#3 src/XF/Pub/Controller/OAuth2Controller.php(56): XF\Pub\Controller\OAuth2Controller->getOAuthRequestInput(Object(XF\Entity\OAuthClient))
#4 src/XF/Mvc/Dispatcher.php(362): XF\Pub\Controller\OAuth2Controller->actionAuthorize(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:OAuth2', 'Authorize', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\OAuth2Controller), NULL)
#6 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\OAuth2Controller), NULL)
#7 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2826): XF\Mvc\Dispatcher->run()
#9 src/XF.php(806): XF\App->run()
#10 index.php(23): XF::runApp('XF\\Pub\\App')
#11 {main}

Interestingly, the baaah.moo.app:/.... URL is the first redirect URL I used in another test; moo://auth/signIn is what I'm using in this test, but it's listed as the second redirect URL. Working on retesting with the baaah.moo.app URL removed now to see if that makes any difference.

Edit: Yes, board URL is set up with a valid hostname.
 
We should do a better job at validating these, but we do expect a valid URI with a scheme and host, i.e. https://baah.moo.app/oauth.

The stack trace shows baaah.moo.app:/oa... where the scheme is interpreted as baaah.moo.app and there is no host.
 
We should verify the redirect URIs when setting up the OAuth client, then this error would be that it doesn't match the registered URIs.
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.3.5).

Change log:
Properly validate OAuth client redirect URIs
There may be a delay before changes are rolled out to the XenForo Community.
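
The registration-time check discussed in the replies above, written out as an added PHP example; it is not part of the thread and not XenForo's actual fix. The function names `redirectUriProblem` and `matchesRegistered` are hypothetical, and the sample URIs are constructed from the shapes quoted in the thread.

```php
<?php
// Added example: hypothetical helpers, not XenForo's or lusitanian/oauth's code.

/** Returns null if $uri may be registered as a redirect URI, else a reason. */
function redirectUriProblem(string $uri): ?string
{
    $parts = parse_url($uri);
    if ($parts === false) {
        return 'unparseable';
    }
    if (empty($parts['scheme'])) {
        return 'missing scheme';
    }
    // RFC 3986 allows dots in a scheme, so "baaah.moo.app:/x" parses as
    // scheme "baaah.moo.app" plus a path, with no "host" key at all.
    if (empty($parts['host'])) {
        return 'missing host';
    }
    // RFC 6749 section 3.1.2: the redirection endpoint must not have a fragment.
    if (isset($parts['fragment'])) {
        return 'fragment not allowed';
    }
    return null;
}

/** Request-time check: exact string match against already-validated URIs. */
function matchesRegistered(string $requested, array $registered): bool
{
    return in_array($requested, $registered, true);
}

// Constructed samples; the third has the same shape as the truncated
// value in the stack trace (hostname followed by ":/path").
$candidates = [
    'https://baah.moo.app/oauth',
    'moo://auth/signIn',
    'baaah.moo.app:/callback',
    '/oauth/callback',
];

$registered = [];
foreach ($candidates as $uri) {
    $problem = redirectUriProblem($uri);
    printf("%-28s %s\n", $uri, $problem ?? 'ok');
    if ($problem === null) {
        $registered[] = $uri;
    }
}

// The malformed URI was never stored, so a request using it fails as a mismatch.
var_dump(matchesRegistered('baaah.moo.app:/callback', $registered));
```

Rejecting the malformed value when the client is saved means the authorize request never reaches a URI parser with an unusable entry and instead fails as an unregistered redirect URI.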
 