Don't include incoming querystring in Dropbox Business callback_url #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Unlike most providers, the Dropbox Business (and Dropbox consumer) API require the callback_url to exactly match what is configured in their web UI, **including any querystring values**. By default, OmniAuth appends any incoming querystrings to the callback_url being sent the the provider. This means that if your app begins auths with something like: /auth/dropbox_oauth2?auth_version=v2, Your callback_url becomes: /auth/dropbox_oauth2/callback?auth_version=v2 This doesn't exact match Dropbox Business' overly strict requirements for this URL: /auth/dropbox_oauth2/callback The fix is for this provider to override callback_url so that the querystring is not appended automatically. There is a long-going disucssion to see whether this should be fixed in omniauth-oauth2 or within each affected provider strategy: omniauth/omniauth-oauth2#93 It's not super clear, but the consensus seems to be that this behavior should be accounted for in the strategy. Here's the similar issue for Dropbox (consumer): icoretech/omniauth-dropbox2#2 Unmerged PR in the consumer library: icoretech/omniauth-dropbox2#2
|
Thanks a lot @aguynamedben please check the master branch and let me know if it is working fine for you or not |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Unlike most providers, the Dropbox Business (and Dropbox consumer) API
require the callback_url to exactly match what is configured in their
web UI, including any querystring values. By default, OmniAuth appends any
incoming querystrings to the callback_url being sent the the
provider.
This means that if your app begins auths with something like:
/auth/dropbox_oauth2?auth_version=v2,
Your callback_url becomes:
/auth/dropbox_oauth2/callback?auth_version=v2
This doesn't exact match Dropbox Business' overly strict requirements
for this URL:
/auth/dropbox_oauth2/callback
The fix is for this provider to override callback_url so that the
querystring is not appended automatically.
There is a long-going disucssion to see whether this should be fixed
in omniauth-oauth2 or within each affected provider strategy:
omniauth/omniauth-oauth2#93
It's not super clear, but the consensus seems to be that this behavior
should be accounted for in the strategy.
Here's the similar issue for Dropbox (consumer):
icoretech/omniauth-dropbox2#2
Unmerged PR in the consumer library:
icoretech/omniauth-dropbox2#2