  1. OpenAM
  2. OPENAM-10087

Set of characters for user code in OAuth2 device flow should not contain confusing characters (such as 0 and O).

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 14.0.0
    • Fix Version/s: 13.5.1, 14.0.0
    • Component/s: oauth2
    • Sprint:
      AM Sustaining Sprint 32
    • Story Points:
      3

      Description

      The user code obtained when using the OAuth2 device flow is created based on the following strings:

      In 13.5.0

      StatefulTokenStore: ALPHABET string:

      234567ABCDEFGHIJKLMNOPQRSTVWXYZabcdefghijkmnopqrstvwxyz
      

      As per comments:

      //removed 0, 1, U, u, 8, 9 and l due to similarities to O, I, V, v, B, g and I on some displays

      However, from a user point of view, removing only 0 and leaving O is still confusing. There is no way to know, when seeing 'O' in the code to enter, which one it is (they don't know what set is being implemented!).

      We should also remove O, I, V, v, B, g

      In 14.0.0

      Alphabet class; BASE58 string: 123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
      

      We should probably remove more than just 0, O, I, l or make it configurable.
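The audit below is an added example, not OpenAM code and not part of the original report: it checks both alphabets quoted above against the look-alike pairs listed in the 13.5.0 source comment and derives a reduced alphabet with every member of a pair removed. The function names and the 8-character code length are assumptions made for illustration.

```python
import math
import secrets

# The two alphabets quoted in the issue description.
ALPHABET_13_5_0 = "234567ABCDEFGHIJKLMNOPQRSTVWXYZabcdefghijkmnopqrstvwxyz"
BASE58_14_0_0 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Look-alike pairs named in the 13.5.0 source comment quoted in the issue.
CONFUSABLE_PAIRS = [("0", "O"), ("1", "I"), ("U", "V"), ("u", "v"),
                    ("8", "B"), ("9", "g"), ("l", "I")]
RISKY = {c for pair in CONFUSABLE_PAIRS for c in pair}


def ambiguous_chars(alphabet):
    """Characters still in the alphabet that belong to a look-alike pair.

    The user does not know which alphabet is in use, so removing only one
    member of a pair leaves the displayed character ambiguous.
    """
    return sorted(set(alphabet) & RISKY)


def both_present(alphabet):
    """Pairs with both members in the alphabet: two valid readings exist."""
    return [p for p in CONFUSABLE_PAIRS if p[0] in alphabet and p[1] in alphabet]


def strip_confusables(alphabet):
    """Drop every member of every look-alike pair, keeping the order."""
    return "".join(c for c in alphabet if c not in RISKY)


def code_entropy_bits(alphabet, length):
    """Entropy of a uniformly random code of `length` characters."""
    return length * math.log2(len(set(alphabet)))


def new_user_code(alphabet, length=8):
    """Draw a code with a CSPRNG; length=8 is an assumed value."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for name, abc in (("13.5.0", ALPHABET_13_5_0), ("14.0.0", BASE58_14_0_0)):
        safe = strip_confusables(abc)
        print(name, "ambiguous:", "".join(ambiguous_chars(abc)),
              "both present:", both_present(abc))
        print("  %d -> %d chars, %.1f -> %.1f bits for 8 chars" % (
            len(abc), len(safe), code_entropy_bits(abc, 8),
            code_entropy_bits(safe, 8)))
        print("  sample code:", new_user_code(safe))
```

Both alphabets reduce to the same 49 characters, and the reduction costs under two bits of entropy for a code of the assumed length.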

              People

              • Assignee:
                joe.starling Joe Starling
                Reporter:
                nathalie.hoet Nathalie Hoet
              • Votes:
                0
                Watchers:
                3
