mirror of
https://github.com/chatwoot/chatwoot.git
synced 2026-06-04 21:02:35 +08:00
b791d75b30
Fixes #9775 ## Description This fixes a repeated admin consent loop in the Microsoft OAuth flow when connecting a Microsoft email inbox. Chatwoot was always sending `prompt=consent` in the Microsoft authorization URL. In the current code path, this parameter is only used when building the authorization URL and is not required by the callback, token exchange, token persistence, or refresh flow. By removing the forced consent prompt, the OAuth flow can proceed normally without repeatedly sending users back through the admin consent screen. ## What changed - removed `prompt: 'consent'` from the Microsoft authorization URL - added a regression assertion to ensure `prompt` is not included in the generated URL ## Why this is safe - `redirect_uri`, `scope`, and `state` remain unchanged - callback and token exchange flow remain unchanged - refresh token flow remains unchanged - no other part of the current Microsoft inbox flow depends on forcing a consent screen ## Testing - updated controller spec to assert that the generated authorization URL does not include `prompt` |
||
|---|---|---|
| .. | ||
| api | ||
| auth | ||
| concerns | ||
| devise_overrides | ||
| installation | ||
| linear | ||
| microsoft | ||
| notion | ||
| platform/api/v1 | ||
| public/api/v1 | ||
| shopify | ||
| super_admin | ||
| survey | ||
| tiktok | ||
| twilio | ||
| webhooks | ||
| android_app_controller.rb | ||
| api_controller.rb | ||
| apple_app_controller.rb | ||
| application_controller.rb | ||
| dashboard_controller.rb | ||
| health_controller.rb | ||
| microsoft_controller.rb | ||
| oauth_callback_controller.rb | ||
| platform_controller.rb | ||
| public_controller.rb | ||
| slack_uploads_controller.rb | ||
| swagger_controller.rb | ||
| widget_tests_controller.rb | ||
| widgets_controller.rb | ||