Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I think there is a bug in the module that although don't prevent the correct workflow of my application It may be worth to fix in a critical module as this one. It is also possible that I'm missing something and it is all ok, but just in case:
The oauth2_server_scope_load_multiple function in oauth2_server.module accepts an array as its second parameter, which ends as a value in the $conditions array. This array then goes as is to the method cacheGet from DrupalDefaultEntityController in entity.inc file. But this function allows only string values as condition values (and not arrays), and in particular it produces a PHP notice at line 364 at function array_diff_assoc.
I reproduce it in the (first) authorization call when the client is not automatically authorized and therefore the confirm form is shown.
Comments
Comment #1
bojanz commentedThanks for catching this, committed a fix.