multiple oauth providers won't work at the same time #1

Open
roman opened this Issue · 1 comment

Roman Gonzalez
Owner
roman commented

(As noted by Steven Parkes)

I'm using warden_oauth against both Twitter and LinkedIn (in the context of Devise, if that matters).

The problem I'm coming up against is that when I get the redirect back from the oauth provider, it again goes through all the strategies. The authenticate! for each strategy sees that it has the right URL parameter and goes on to do the find_user_by_access_token. But if the auth is through the second provider, this is wrong when checking the first provider, and it errors out because it's getting the wrong token.

Does that make sense? The summary is that multiple oauth strategies have to be able to differentiate themselves.

Not sure the best way to do this. I could have different callback URLs, but that's getting overridden in #request_token right now.

I can hack it, but I'm wondering what you thought the best approach would be.

Roman Gonzalez
Owner
roman commented

As I see it, the authenticate! method of service A shouldn't be called at all when you are authenticating via service B. This should be avoided in the valid? method.

As I see it, this is not being covered in the specs nor in the code. We will have to do this:

1) Add a spec that has 2 services registered and check that each of them is being called successfully when using them.

The way we are going to do this is:

2) Add an Application Parameter on the get_request_token and get_access_token invocations that identifies each strategy uniquely, so that the valid? method can check which service is being called.

Probably we could use the same warden_oauth_provider parameter and ditch the oauth_token verification from the valid? method altogether.

Something like:

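```ruby
# Only the strategy named in the callback parameter is considered valid.
def valid?
  params.include?('warden_oauth_provider') &&
    params['warden_oauth_provider'] == config.provider_name.to_s
end

#...

def authenticate!
  if params.include?('oauth_token')
    # oauth_token present: continue with the request token kept in the session.
    load_request_token_from_session
    #...
  else
    # No oauth_token yet: keep the request token in the session.
    store_request_token_on_session
    #...
  end
  #...
end

def request_token
  host_with_port = Warden::OAuth::Utils.host_with_port(request)
  # The provider name travels as an extra parameter so valid? can tell strategies apart.
  @request_token ||= consumer.get_request_token({:oauth_callback => host_with_port}, :warden_oauth_provider => config.provider_name.to_s)
end
```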
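The dispatch problem from the first comment and the valid? change proposed in the second, as an added Ruby example that is not part of the original comments or of warden_oauth. It is a simplified model with no Warden dependency; the class names, the `dispatch` helper and the token values are constructed for illustration.

```ruby
# Simplified model of strategy dispatch; not Warden's or warden_oauth's code.
# Each provider only recognises the token it issued (constructed sample values).
ISSUED_TOKENS = { 'twitter' => 'tw-req-123', 'linkedin' => 'li-req-456' }.freeze

class BaseStrategy
  attr_reader :provider, :params

  def initialize(provider, params)
    @provider = provider
    @params = params
  end

  # Stand-in for the token exchange: succeeds only for this provider's own token.
  def authenticate!
    ISSUED_TOKENS[provider] == params['oauth_token'] ? :success : :failure
  end
end

# Behaviour described in the issue: any callback carrying oauth_token looks valid.
class TokenOnlyStrategy < BaseStrategy
  def valid?
    params.include?('oauth_token')
  end
end

# Proposed behaviour: only the strategy named in the callback is valid.
class ProviderScopedStrategy < BaseStrategy
  def valid?
    params['warden_oauth_provider'] == provider
  end
end

# Try strategies in registration order; in this model the first valid one
# decides the outcome, which reproduces the failure described in the issue.
def dispatch(strategy_class, params, providers = %w[twitter linkedin])
  providers.each do |name|
    strategy = strategy_class.new(name, params)
    next unless strategy.valid?
    return [name, strategy.authenticate!]
  end
  [nil, :no_strategy]
end

# Constructed callback coming back from the second provider.
CALLBACK = { 'oauth_token' => 'li-req-456', 'warden_oauth_provider' => 'linkedin' }.freeze

p dispatch(TokenOnlyStrategy, CALLBACK)
p dispatch(ProviderScopedStrategy, CALLBACK)
```

The provider parameter only selects which strategy runs; the token is still checked by that strategy, so a callback that names the wrong provider fails rather than authenticating.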
