Allow token URL to be on a different host

Beware of potential cross-origin resource issues.

On Thu, Jun 2, 2016 at 10:01 AM, Alberto Mardegan <
<email address hidden>> wrote:

> Public bug reported:
>
> Some OAuth 2.0 providers have the token endpoint used in the web-based
> authentication on a different host than the authorization endpoint (an
> example is mcloud by China Mobile).
>
> The plugin must support this use case, possibly by allowing the
> TokenPath parameter to hold a full URL.
>
> ** Affects: signon-plugin-oauth2 (Ubuntu)
> Importance: High
> Assignee: Alberto Mardegan (mardy)
> Status: In Progress
>
> ** Changed in: signon-plugin-oauth2 (Ubuntu)
> Assignee: (unassigned) => Alberto Mardegan (mardy)
>
> ** Changed in: signon-plugin-oauth2 (Ubuntu)
> Importance: Undecided => High
>
> ** Changed in: signon-plugin-oauth2 (Ubuntu)
> Status: New => In Progress
>
> --
> You received this bug notification because you are a member of WebApps,
> which is subscribed to signon-plugin-oauth2 in Ubuntu.
> https://bugs.launchpad.net/bugs/1588210
>
> Title:
> Allow token URL to be on a different host
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/signon-plugin-oauth2/+bug/1588210/+subscriptions
>

Indeed, but in this case the URLs are not coming from the server, but are statically defined in the .provider file shipped by the account plugin.

This bug was fixed in the package signon-plugin-oauth2 - 0.24+16.10.20160818-0ubuntu1

---------------
signon-plugin-oauth2 (0.24+16.10.20160818-0ubuntu1) yakkety; urgency=medium

  * New upstream release
    - OAuth2: allow token URL to be on a different host (LP: #1588210)
    - OAuth2: accept replies carrying text/html content type (LP: #1438393)
    - Enable CI on gitlab.com
  * debian/control, debian/rules:
    - Don't run tests in dbus-test-runner
    - Update link to project homepage

 -- Alberto Mardegan <email address hidden> Thu, 18 Aug 2016 07:22:39 +0000