JSON data is not handled transparently

[snovity]

Since Omniauth is working at Rack level when tokens are submitted via JSON, data is not present in params. Rails on the other hand unites JSON data and HTTP params into one hash and it is really convinient. I use a monkey patch to do the same thing for standard params like access_token, code and id_token. I was wondering if it makes sense for me to convert it to PR?

[zquestz]

Here's the known working patch that fixes the bug above. Pulled from a closed bug report in my repo, as I think it should be fixed here.

class OmniAuth::Strategies::OAuth2
  # most strategies (Facebook, GoogleOauth2) do not override this method, it means that
  # for such strategies JSON posting of access_token will work out of the box
  def callback_phase_with_json
    # Doing the same thing as Rails controllers do, giving uniform access to GET, POST and JSON params
    # reqest.params contains only GET and POST params as a hash
    # env[..] contains JSON, XML, YAML params as a hash
    # see ActionDispatch::Http::Parameters#parameters
    parsed_params = env['action_dispatch.request.request_parameters']
    if parsed_params
      request.params['code'] = parsed_params['code'] if parsed_params['code']
      request.params['access_token'] = parsed_params['access_token'] if parsed_params['access_token']
      request.params['id_token'] = parsed_params['id_token'] if parsed_params['id_token'] # used by Google
    end
    callback_phase_without_json
  end
  alias_method_chain :callback_phase, :json
end

[zrisher]

👍 I know we're unlikely to see a fix for this given the repo hasn't been active for nearly two years, but omniauth-oauth2 is still the first place people look when implementing oauth login in new Rack projects, and it's a shame it still fails with JSON post data.

[jakeonfire]

this monkey patch works for me with Rails 5:

class OmniAuth::Strategies::OAuth2
  module WithJson
    def callback_phase
      # Doing the same thing as Rails controllers do, giving uniform access to GET, POST and JSON params
      # reqest.params contains only GET and POST params as a hash
      parsed_params = ActionDispatch::Request.new(env).request_parameters
      request.params.merge!(parsed_params) if parsed_params.present?
      super
    end
  end

  prepend WithJson
end

[laptopmutia]

+1 I know we're unlikely to see a fix for this given the repo hasn't been active for nearly two years, but omniauth-oauth2 is still the first place people look when implementing oauth login in new Rack projects, and it's a shame it still fails with JSON post data.

I get confused is this thread talking about this gem cannot handle json response from the server?

this monkey patch works for me with Rails 5:

class OmniAuth::Strategies::OAuth2
  module WithJson
    def callback_phase
      # Doing the same thing as Rails controllers do, giving uniform access to GET, POST and JSON params
      # reqest.params contains only GET and POST params as a hash
      parsed_params = ActionDispatch::Request.new(env).request_parameters
      request.params.merge!(parsed_params) if parsed_params.present?
      super
    end
  end

  prepend WithJson
end

may I know how did you do the monkey patching?

[jakeonfire]

@laptopmutia that code in an initializer accomplishes the monkey patching - prepend WithJson inside class OmniAuth::Strategies::OAuth2 overrides the original callback_phase method, updates request.params with the JSON params, and then calls the original method via super at the end.