Don't generate callback_url w/ query string #2

Open
wants to merge 1 commit into
base: master

@cyu cyu commented Mar 12, 2017

Using query_string in the callback_url will create 'redirect_uri
mismatch' when trying to fetch the token.

https://www.dropboxforum.com/t5/API-support/URI-misatch/td-p/40948

@aguynamedben

+1

@masterkain Any way you're gonna merge this and push to RubyGems.org? I can fork it but then I'm just fracturing this again. I reviewed @cyu's code and it LGTM.

My company could also take over maintaining this repo if you want to transfer it to https://github.com/getcommande


aguynamedben commented Mar 17, 2020

cc @fatshotty @Keytwo Any way this can be merged? If you want to transfer to my company's GitHub org, we'd take over maintaining this gem if you want.

@masterkain
Member

@aguynamedben we had problems with this redirect stuff in the past, if you can confirm it's working ok with recent gem versions I'll fix the conflict and merge.

cheers

aguynamedben added a commit to getcommande/omniauth-dropbox-business-api2 that referenced this pull request Mar 18, 2020
Unlike most providers, the Dropbox Business (and Dropbox consumer) APIs
require the callback_url to exactly match what is configured in their
web UI, **including any querystring values**. By default, OmniAuth appends any
incoming querystrings to the callback_url being sent to the
provider.

This means that if your app begins auths with something like:
/auth/dropbox_oauth2?auth_version=v2,

Your callback_url becomes:
/auth/dropbox_oauth2/callback?auth_version=v2

This doesn't exactly match Dropbox Business' overly strict requirements
for this URL:
/auth/dropbox_oauth2/callback

The fix is for this provider to override callback_url so that the
querystring is not appended automatically.

There is a long-going discussion to see whether this should be fixed
in omniauth-oauth2 or within each affected provider strategy:
omniauth/omniauth-oauth2#93

It's not super clear, but the consensus seems to be that this behavior
should be accounted for in the strategy.

Here's the similar issue for Dropbox (consumer):
icoretech/omniauth-dropbox2#2

Unmerged PR in the consumer library:
icoretech/omniauth-dropbox2#2
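
The mismatch described in the commit message above, as an added Ruby example that is not code from this PR or from OmniAuth. `Request`, `ToyProvider` and the `app.example.test` host are constructed stand-ins, and the provider is assumed to compare redirect URIs by exact string match at both the authorization and token steps.

```ruby
# Stand-in for the request values a strategy reads when building callback_url
# (hypothetical struct, not OmniAuth's own class); all values are constructed.
Request = Struct.new(:full_host, :script_name, :callback_path, :query)

# Default construction described above: the incoming query string is appended.
def default_callback_url(req)
  suffix = req.query.to_s.empty? ? "" : "?#{req.query}"
  req.full_host + req.script_name + req.callback_path + suffix
end

# The override the PR proposes: same URL with the query string left off.
def fixed_callback_url(req)
  req.full_host + req.script_name + req.callback_path
end

# Toy provider (assumption): exact string comparison against the registered
# redirect URIs, and the token request must repeat the redirect_uri that was
# used in the authorization request. Codes are single use.
class ToyProvider
  def initialize(registered)
    @registered = registered
    @codes = {}
  end

  def authorize(redirect_uri)
    return :redirect_uri_mismatch unless @registered.include?(redirect_uri)
    code = "code-#{@codes.size + 1}"
    @codes[code] = redirect_uri
    code
  end

  def token(code, redirect_uri)
    return :invalid_grant unless @codes.key?(code)
    return :redirect_uri_mismatch unless @codes.delete(code) == redirect_uri
    :access_token_issued
  end
end

# Constructed sample input mirroring the URLs in the commit message.
REGISTERED = ["https://app.example.test/auth/dropbox_oauth2/callback"].freeze
REQ = Request.new("https://app.example.test", "",
                  "/auth/dropbox_oauth2/callback", "auth_version=v2")
```
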
@aguynamedben

Yeah this is working in production for us. I think there was a mess with some of the omniauth-oauth2 libraries... we have the current ones and this works with it.
