Commit f101895
Fix OAuth redirect loop by restoring NullResourceOwner behavior
v6.16.0 (1bfb22d) changed resource_owner_authenticator to redirect
unauthenticated users to /users/sign_in, storing the OAuth authorize
URL in session[:user_return_to]. SessionsController#new then called
redirect_with_authentication, which read that URL and appended
show_authentication=signIn — sending the user straight back to
/oauth/authorize, which Doorkeeper immediately bounced back to
/users/sign_in, creating an infinite loop.
The correct fix is to revert resource_owner_authenticator to return
NullResourceOwner.new for unauthenticated requests. This lets Doorkeeper
render the authorization page, and the AuthorizationPrompt React
component already handles the unauthenticated case: it opens the
sign-in modal and sets afterSignInPath to the OAuth URL so the user is
returned to the consent page after signing in.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>1 parent a774d7b commit f101895
2 files changed
Lines changed: 2 additions & 27 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
9 | | - | |
10 | | - | |
11 | | - | |
12 | | - | |
13 | | - | |
14 | | - | |
15 | | - | |
16 | | - | |
17 | | - | |
18 | | - | |
19 | | - | |
20 | | - | |
| 8 | + | |
21 | 9 | | |
22 | 10 | | |
23 | 11 | | |
24 | 12 | | |
25 | | - | |
26 | | - | |
27 | | - | |
28 | | - | |
29 | 13 | | |
30 | 14 | | |
31 | 15 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
17 | | - | |
18 | | - | |
19 | | - | |
20 | | - | |
21 | | - | |
22 | | - | |
23 | | - | |
24 | | - | |
25 | | - | |
| 16 | + | |
26 | 17 | | |
27 | 18 | | |
28 | 19 | | |
| |||
0 commit comments