omniauth-oauth2 1.4.x will break redirect_uri
hosh opened this issue · 4 comments
When using omniauth-oauth2 1.3.x, the redirect_uri gets passed back to Shopify as something like example.com/auth/shopify/callback
However, when using omniauth-oauth2 1.4.x, the redirect_uri will get passed back to Shopify as example.com/auth/shopify/callback?shop=myshop.myshopify.com
This breaks the oauth2 handshake since the Shopfiy API uses a strict interpretation of the redirect uri, and adds the ?shop=
param by itself.
Some possible solutions:
- Relax the strict checking on Shopify API end
- Version lock omniauth-oauth2 to 1.3.x
- Find out what changed in 1.4.x and override the redirect_uri generation
See also: Shopify/shopify_app#165
Other provider-specific omniauth gems are having trouble with this, as well: omniauth/omniauth-oauth2#81
Seems like this gem will either need to lock omniauth-oauth2 to ~> 1.3.1 in their gemspec, or add a fix.
You can set callback_url
when configuring the shopify provider in Omniauth.
Thanks!