Skip to content

Support for requests with access_token from client apps #91

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Support for requests with access_token from client apps #91

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 30 additions & 5 deletions lib/omniauth/strategies/oauth2.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,15 @@ def token_params
end

def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
error = request.params["error_reason"] || request.params["error"]
params = request.params
error = params['error_reason'] || params['error']
if error
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
description = params['error_description'] || params['error_reason']
fail!(error, CallbackError.new(params['error'], description, params['error_uri']))
elsif csrf_detected?
fail!(:csrf_detected, CallbackError.new(:csrf_detected, 'CSRF detected'))
else
self.access_token = build_access_token
self.access_token = params['access_token'] ? build_access_token_from_token : build_access_token
self.access_token = access_token.refresh! if access_token.expired?
super
end
Expand All @@ -82,12 +84,35 @@ def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength
fail!(:failed_to_connect, e)
end

def csrf_detected?
params = request.params
if params['code']
return if options.provider_ignores_state
state = params['state'].to_s
state.empty? || state != session.delete('omniauth.state')
elsif params['access_token']
csrf_token = params['csrf_token']
csrf_token.empty? || csrf_token != session['_csrf_token']
end
end

protected

def build_access_token
verifier = request.params["code"]
client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
end

def build_access_token_from_token
token_opts = request.params.slice(
'access_token',
'expires_at',
'expires_in',
'refresh_token',
)
token_opts.merge!(options.access_token_options || {})
::OAuth2::AccessToken.from_hash(client, token_opts)
end

def deep_symbolize(options)
hash = {}
Expand Down