Multiple issues while integrating this module to Yii app #19

Open
SOHELAHMED7 opened this issue Aug 9, 2023 · 2 comments

@SOHELAHMED7
Contributor

Describe the bug

I have installed and configured this module as per the guide mentioned in the docs.

It works partly.

Part 1:

Whenever I click on client "Login with OAuth2 server", I am redirected to server page:

image

When I click allow, I don't get an access token and the request to the server API fails, thus failing this entire operation.

Part 2:

Now again I click on client "Login with OAuth2 server", I am redirected to server page:

image

I click "Allow" and everything works properly. I am able to login in client by server's OAuth mechanism successfully.

Part 3:

Now again I click on client "Login with OAuth2 server", I am redirected to page mentioned in part 1. I click allow and operation fails.

Now again I click on client "Login with OAuth2 server", I am redirected to page mentioned in part 2. I click allow and operation succeeds.

Now again I click on client "Login with OAuth2 server", I am redirected to page mentioned in part 1. I click allow and operation fails.

Now again I click on client "Login with OAuth2 server", I am redirected to page mentioned in part 2. I click allow and operation succeeds.

This goes on...

Secondly:

Whenever I click enable in Part 1 oauth2_user_client_scope.enable column is updated from true to false.

To Reproduce
Steps to reproduce the behavior:

  1. Install this module in Yii app as mentioned in docs
  2. oauth2_client row:
{
"oauth2_client": [
	{
		"id" : 3,
		"identifier" : "mango-id",
		"name" : "mango-name",
		"type" : 2,
		"secret" : "2021-01-01::3vUCADtKx59NPQl3\/1fJXmppRbiug3iccJc1S9XY6TPvLE02\/+ggB8GtIc24J5oMTj38NIPIpNt8ClNDS7ZBI4+ykNxYOuEHQfdkDiUf5WVKtLegx43gLXfq",
		"old_secret" : null,
		"old_secret_valid_until" : null,
		"logo_uri" : null,
		"tos_uri" : null,
		"contacts" : null,
		"redirect_uris" : "\"[\\\"http:\/\/localhost:7878\/web\/index.php?r=user%2Fsecurity%2Fauth&authclient=oauthserver\\\"]\"",
		"allow_variable_redirect_uri_query" : false,
		"token_types" : 1,
		"grant_types" : 5,
		"scope_access" : 0,
		"end_users_may_authorize_client" : true,
		"user_account_selection" : null,
		"allow_auth_code_without_pkce" : false,
		"skip_authorization_if_scope_is_allowed" : false,
		"client_credentials_grant_user_id" : null,
		"oidc_allow_offline_access_without_consent" : false,
		"oidc_userinfo_encrypted_response_alg" : null,
		"enabled" : true,
		"created_at" : 1690463297,
		"updated_at" : 1690463297
	}
]}

  3. oauth2_scope row:
{
"oauth2_scope": [
	{
		"id" : 2,
		"identifier" : "read_user",
		"description" : null,
		"authorization_message" : null,
		"applied_by_default" : 1,
		"required_on_authorization" : true,
		"enabled" : true,
		"created_at" : 1690463275,
		"updated_at" : 1690463275
	}
]}
  4. oauth2_user_client_scope table row:
{
"oauth2_user_client_scope": [
	{
		"user_id" : 1,
		"client_id" : 3,
		"scope_id" : 2,
		"enabled" : true,
		"created_at" : 1691406603,
		"updated_at" : 1691572338
	}
]}

Expected behavior

  1. It should not show the page shown in Part 1, only the page of Part 2. Part 1 is not needed at all.
  2. Once I allow scope authorization on the server, it should not ask again (unless the access token is expired or I revoked access from the server)

Actual behavior

Mentioned above in description

Screenshots

Added above in description

Environment (please complete the following information):

  • Server OS/Environment: Docker version 24.0.5, build ced0996 & Ubuntu 22.04.2 LTS
  • Browser: Brave

Additional context

I use PgSQL as DB in server and MySQL in client

@rhertogh
Owner

Hi @SOHELAHMED7, thanks for the detailed description. I'll try to reproduce it locally.

@rhertogh rhertogh self-assigned this Oct 31, 2023
@rhertogh
Owner

rhertogh commented Nov 2, 2023

Hi @SOHELAHMED7, I see the Scope applied_by_default is 1 but just to be sure, is there any config in the oauth2_client_scope table?
