Support for requests with access_token from client apps #91
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi!
This PR allows use same strategies for authorization by
access_tokenobtained in the client app. There is answer on SO that suggests to write custom endpoints for every provider in this case. But why should this be done, if omniauth strategies already has this stuff?!)This PR is in the preview state yet. Maybe config option to enable this feature should be added. It also relies on Rails's
_csrf_tokento protect from request forgery. This can be configured with proc. Or this can be allowed only for POST, and framework will check csrf itself.It won't break any existing strategies. Maybe some just will need to be fixed a little.
WDYT?