set callback path dynamically #54

Open
khoan opened this issue Feb 17, 2014 · 2 comments


khoan commented Feb 17, 2014

AFAIK, it's currently impossible to easily set callback dynamically per call.

I propose passing callback_path transparently from request phase to callback phase. Below is a monkey patch.

Thoughts?

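```ruby
module OmniAuth
  module Strategies
    class OAuth2
      # Request phase: remember the caller-supplied callback_path in the session.
      alias_method :original_request_phase, :request_phase
      def request_phase
        session['omniauth.callback_path'] = request.params['callback_path']
        original_request_phase
      end

      # Callback phase: drop the stored path, then run the normal callback handling.
      alias_method :original_callback_phase, :callback_phase
      def callback_phase
        session.delete 'omniauth.callback_path'
        original_callback_phase
      end

      # Prefer the path stored in the session; fall back to the strategy default.
      def callback_path
        @callback_path ||= session['omniauth.callback_path'] || super
      end
    end
  end
end
```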

isaacsanders (Contributor) commented

Do you have any ideas for adding these hooks in the strategy? I would be happy to accept a pull request.

jcoglan commented Jul 3, 2015

Allowing the redirect_uri to be set from user input probably opens up account theft attacks, for example via URL fragments in 302 redirects.
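
An added example, not part of the thread or of the project's code: one way to constrain a request-supplied `callback_path` before it is stored in the session is to accept only exact matches against the paths registered with the provider and to fall back to a fixed default otherwise. The constants, the function names and the sample paths are hypothetical.

```ruby
require 'uri'

# Hypothetical values: the callback paths this application has registered
# with its OAuth2 provider (constructed for this example).
ALLOWED_CALLBACK_PATHS = ['/auth/example/callback',
                          '/auth/example/mobile/callback'].freeze
DEFAULT_CALLBACK_PATH = '/auth/example/callback'

# Classify a request-supplied callback_path. Returns :ok, or a rejection
# reason that can be written to the application log.
def classify_callback_path(raw, allowed = ALLOWED_CALLBACK_PATHS)
  return :missing unless raw.is_a?(String) && !raw.empty?

  begin
    uri = URI.parse(raw)
  rescue URI::InvalidURIError
    return :unparseable
  end

  # Anything carrying a scheme, host or userinfo is not a bare local path.
  return :absolute_url if uri.scheme || uri.host || uri.userinfo
  # Query strings and fragments are never part of a registered path.
  return :query_or_fragment if uri.query || uri.fragment
  # Exact match only: no prefix matching, no normalisation of "..".
  return :not_allow_listed unless allowed.include?(uri.path)

  :ok
end

# Value that may be stored in session['omniauth.callback_path']: the parsed
# path when it is allow-listed, otherwise the fixed default.
def safe_callback_path(raw, allowed = ALLOWED_CALLBACK_PATHS,
                       default = DEFAULT_CALLBACK_PATH)
  return default unless classify_callback_path(raw, allowed) == :ok

  URI.parse(raw).path
end
```

In the monkey patch above, the request phase would store `safe_callback_path(request.params['callback_path'])` instead of the raw parameter.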
