Skip to content

fix(hybrid): allow sending redirect_uri param to avoid redirect URI mismatch errors#118

Open
wJoenn wants to merge 2 commits into
nhosoya:masterfrom
Leexi-ai:fix/hybrid/redirect_uri_mismatch
Open

fix(hybrid): allow sending redirect_uri param to avoid redirect URI mismatch errors#118
wJoenn wants to merge 2 commits into
nhosoya:masterfrom
Leexi-ai:fix/hybrid/redirect_uri_mismatch

Conversation

@wJoenn

@wJoenn wJoenn commented Feb 14, 2025

Copy link
Copy Markdown

closes #115

Summary

When using omniauth-apple with a API only Rails application it's common for the initial request to be made from the client side application instead of from Rails.
The client side application then receives a authorization code which it POST to /auth/apple/callback and the code is verified from the API before finally signing the user in.

When doing so the redirect_uri used in the callback process needs to be the same as the redirect_uri used in the request process so we need to be able to share that redirect_uri from the client side app to the API.

This is also the case with other omniauth-<provider> gem.

This PR allows sending a redirect_uri param to the /auth/apple/callback endpoint from a client side application and ensures that param will be used when present to avoid redirect uri mismatch errors.


Until this PR is merged this issue can be monkey patched by initializing a custom class that will override this gem

# config/initializers/omniauth-apple-monkey-patch.rb
module OmniAuth
  module Strategies
    class Apple
      def callback_url
        request.params['redirect_uri'] || options[:redirect_uri] || (full_host + callback_path)
      end
    end
  end
end

@wJoenn wJoenn changed the title fix(hybrid): redirect uri mismatch fix(hybrid): allow sending redirect_uri param to avoid redirect URI mismatch errors Feb 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Empty env['omniauth.params'] on callback

1 participant