Steps to reproduce:
- Log out
- GET /oauth2/authorize?[request params]
- Do not log in
- GET /oauth2/authorize
- Login
- There is an error saying 'client_id' is missing
This happens in the wild. Consider a scenario where I have a login form with an option to log in using social networks. I try to log in using a social network, but fail.
Then I enter correct credentials, but see the error.
The attached patch solves the issue.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | oauth2_server-2664640-3.patch | 620 bytes | pjcdawkins |
| #2 | 2664640.patch | 580 bytes | valthebald |
Comments
Comment #2
valthebald
Comment #3
pjcdawkins commented
Yes, this is a regression in version 7.x-1.5 caused by #2491575: Race condition when enabling a module with endpoint and OAuth2 authentication.
This patch is a bit more liberal about what parameters trigger overwriting the session: client_id or response_type.
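The session handling discussed in comment #3, replayed against the steps to reproduce, as an added example that is not part of the thread or the oauth2_server code. The function names, the `authorize_params` session key and the sample parameters are hypothetical, and the unconditional overwrite is an assumed model of the pre-patch behaviour.

```php
<?php
// Added illustration, not oauth2_server code. Function names and the
// 'authorize_params' session key are hypothetical.

// Assumed model of the pre-patch behaviour: every logged-out request to the
// authorize endpoint overwrites the parameters stashed in the session.
function stash_always(array &$session, array $query): void {
  $session['authorize_params'] = $query;
}

// Behaviour described in comment #3: overwrite the stash only when the
// request carries client_id or response_type.
function stash_if_authorize_request(array &$session, array $query): void {
  if (isset($query['client_id']) || isset($query['response_type'])) {
    $session['authorize_params'] = $query;
  }
}

// After login, the authorize request is resumed from the stashed parameters.
function resume_after_login(array $session): string {
  $params = $session['authorize_params'] ?? [];
  return isset($params['client_id'])
    ? 'ok, resuming for ' . $params['client_id']
    : "error: 'client_id' is missing";
}

// Replays the steps to reproduce with the given stash function.
function replay(callable $stash): string {
  $session = [];
  // Constructed sample request parameters.
  $first = ['client_id' => 'example_client', 'response_type' => 'code', 'state' => 'abc123'];
  $stash($session, $first);  // GET /oauth2/authorize?[request params], logged out
  $stash($session, []);      // GET /oauth2/authorize with no parameters, still logged out
  return resume_after_login($session);  // Login
}

echo 'always overwrite:     ', replay('stash_always'), PHP_EOL;
echo 'overwrite if present: ', replay('stash_if_authorize_request'), PHP_EOL;
```

A regression test for the module, as mentioned in comment #6, would exercise the same three-request sequence against the real endpoint.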
Comment #4
dashohoxha commented
I have a module (oauth2_loginprovider) that depends on oauth2_server. Every time that oauth2_server makes a new release, it will break it, and I have to patch oauth2_server to fix it. This is a big problem because Drupal always pushes you to upgrade, then you do a `drush up` and your production site is broken, and then people complain to me that my module is not working anymore.
Can you guys (@pjcdawkins) please stop making new releases without getting a green light from the community? What's the point of a new release that breaks production sites? In particular the last release was just pointless at all (no new features, no nothing). If some people need to use the latest and greatest, they can use the dev branch. In any case, they can always pick up the patches that they need. But a release that breaks things is totally unacceptable. Please get matured and behave responsibly.
Thanks for your understanding.
Comment #6
pjcdawkins commented
@dashohoxha I see your frustration and I agree that module releases should be stable - and in this case:
I don't agree that the last release (1.5) was pointless - it had fixes for 2 serious and 1 potentially serious bug:
and it added a couple of minor features (https://www.drupal.org/node/2663924).
Of course I don't think 'drush up' (and accepting every upgrade it offers) is a good way to keep a production site up-to-date.
I've committed the patch above and I'll release it soon... given that it's a very small hotfix. If I or anyone else has time to write a regression test, that of course would be worth it.
Comment #7
dashohoxha commented
You are right, `drush up` totally destroys my site while updating the core, I have to do the update manually.
It used to work well though. Recently I upgraded to drush 8, and it rewards me with this "feature".
How do I get notified when a new release is made? Is there something like "Watch" of GitHub?
Comment #8
pjcdawkins commented
I tend to use `drush up -n` - I use that to look at potential new versions, and then I go and read the release notes etc.
You can subscribe to a project's issues by email, but I don't see any option to get notified on new releases.
The 7.x-1.6 release is just being built: https://www.drupal.org/node/2675880