Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
We have a site where you must login to view any content. We want to allow users to login / register using OAuth. However, the callback menu items have an access callback which uses the "access content" argument which directly conflicts with our rule to only allow authenticated users to see content.
Instead, the menu items should either just be set to TRUE for their callback (i.e. allow all) or create a specific permission to allow access to the connector callback URL.
oauth/authorized2
I would opt for a specific permission myself and thus will provide a patch with that solution.
Comment | File | Size | Author |
---|---|---|---|
#4 | oauthconnector-2176907-4-authorized_access.patch | 1.14 KB | arithmetric |
#1 | authorized-access-2176907.patch | 1.09 KB | minorOffense |
Screen Shot 2014-01-19 at 4.22.25 PM.png | 74.03 KB | minorOffense |
Comments
Comment #1
minorOffense CreditAttribution: minorOffense commentedAdded hook permission and set callback.
Comment #2
minorOffense CreditAttribution: minorOffense commentedComment #3
matt2000 CreditAttribution: matt2000 commentedIndeed. I've seen this misuse of 'access content' elsewhere in the Oauth suite of modules.
Comment #4
arithmetric CreditAttribution: arithmetric commentedAttached is a patch that takes a different approach to resolve this issue. It uses the existing "connect with oauthconnector_..." permission that is used by the oauthconnector module.