Ticket created by ~omz13 on ~sircmpwn/meta.sr.ht
When a token is issued, the response from the token endpoint is not correct:
expires_in
is a string but it should be an int per 1
- The value itself to be wrong: I am receiving
86399
, which is almost one day of seconds, and not one year's worth of seconds (which is what the dashboard says it is valid for).
Ticket created by ~omz13 on ~sircmpwn/meta.sr.ht
When a user is presented with the Authorize account access page (https://meta.sr.ht/oauth2/authorize?client_id=...), clicking
Cancel
does not cancel the request, but instead issues the token as ifGrant account access
was clicked. I would have expected theredirect_url
to be called witherror="access_denied"
per 0