Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use callback_url without query_string when building access_token #205

Merged
merged 1 commit into from
Jan 9, 2016
Merged

use callback_url without query_string when building access_token #205

merged 1 commit into from
Jan 9, 2016

Conversation

zmajstor
Copy link
Contributor

after callback_url override was removed in gem omniauth-oauth2 in version 1.4.0
omniauth/omniauth-oauth2@2615267

there is a build_access_token error:

OAuth2::Error: redirect_uri_mismatch:
{
  "error" : "redirect_uri_mismatch"
}

this error can be fixed with callback_url override, similarly as it was in previous versions of the gem omniauth-oauth2

@zmajstor zmajstor mentioned this pull request Oct 26, 2015
Closed
@h3xed h3xed mentioned this pull request Oct 27, 2015
Closed
@Fudoshiki
Copy link

@zquestz when will be merged?

@zquestz
Copy link
Owner

zquestz commented Oct 29, 2015

We have resolved the issue a different way. We have locked omniauth-oauth2 to ~> 1.3.1 and are not upgrading until we hear from the maintainer of that project. If this is a permanent change in the omniauth-oauth2 library then we will consider this PR.

zquestz
zquestz reviewed Oct 29, 2015
View reviewed changes
lib/omniauth/strategies/google_oauth2.rb
@@ -100,14 +100,18 @@ def custom_build_access_token
elsif verify_token(request.params['id_token'], request.params['access_token'])
::OAuth2::AccessToken.from_hash(client, request.params.dup)
else
orig_build_access_token
verifier = request.params["code"]
client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: we should use the same coding style as above.

deep_symbolize(options.auth_token_params || {})

@zquestz
Copy link
Owner

zquestz commented Oct 29, 2015

This change set looks good. When we move to supporting 1.4 then this will be merged if they don't address the issue upstream. The changes in 1.4 broke a lot of people, and it is very possible some things will be fixed in the next release.

@zquestz
Copy link
Owner

zquestz commented Oct 29, 2015

There is a much cleaner fix on this thread: omniauth/omniauth-oauth2@2615267

Merely need to add:

def redirect_uri
  full_host + script_name + callback_path
end

Probably going to just go that route as that claims to work and is a much smaller change.

@zmajstor zmajstor closed this Oct 29, 2015
@zquestz
Copy link
Owner

zquestz commented Oct 29, 2015

I lied, just went through and tested their fix and it flat out doesn't work to resolve the issue. It causes an issue with the oauth2 gem itself.

I am going to go with this fix as I think your solution is actually the correct one. Thanks for the PR!

@zquestz zquestz reopened this Oct 29, 2015
@mmahalwy
Copy link

mmahalwy commented Nov 5, 2015

@zquestz any luck with this?

@zquestz
Copy link
Owner

zquestz commented Nov 5, 2015

This was fixed in master by locking to an older version of omniauth-oauth2. I need to a bit more testing on this before I merge, but it should be soon, although the need is not immediate.

@zquestz
Copy link
Owner

zquestz commented Jan 9, 2016

K going to merge. Prepping a new release and going to update to omniauth-oauth2 1.4.

zquestz added a commit that referenced this pull request Jan 9, 2016
@zquestz
Merge pull request #205 from zmajstor/master
bda155a 
use callback_url without query_string when building access_token
@zquestz zquestz merged commit bda155a into zquestz:master Jan 9, 2016
mikeastock added a commit to procore/registrar that referenced this pull request Jan 10, 2016
@mikeastock
Remove omniauth-oauth2 lock
955ef57 
This reverts
50b067a.

The incompatibility with omniauth-oauth 1.4.0 was fixed in
zquestz/omniauth-google-oauth2#205 and released
in version 0.3.0
@mikeastock mikeastock mentioned this pull request Jan 10, 2016
Merged
mcasper pushed a commit to procore/registrar that referenced this pull request Jun 24, 2016
@mikeastock @mcasper
Remove omniauth-oauth2 lock
e1c04f1 
This reverts
50b067a.

The incompatibility with omniauth-oauth 1.4.0 was fixed in
zquestz/omniauth-google-oauth2#205 and released
in version 0.3.0
@pravi pravi mentioned this pull request Nov 7, 2016
Closed
sb8244 added a commit to SalesLoft/omniauth-salesloft that referenced this pull request Feb 15, 2017
@sb8244
Make the strategy work with new omniauth
b10a577 
icoretech/omniauth-spotify#8 (comment)
zquestz/omniauth-google-oauth2#205

Google OAuth 2 talks about the problem with new Omniauth version's callback_url. Manually specific
the callback url to remove the query string
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zmajstor @Fudoshiki @zquestz @mmahalwy