Shopify/omniauth-shopify-oauth2

omniauth-oauth2 1.4.x will break redirect_uri

hosh opened this issue · 4 comments

hosh commented

When using omniauth-oauth2 1.3.x, the redirect_uri gets passed back to Shopify as something like example.com/auth/shopify/callback

However, when using omniauth-oauth2 1.4.x, the redirect_uri will get passed back to Shopify as example.com/auth/shopify/callback?shop=myshop.myshopify.com

This breaks the oauth2 handshake since the Shopify API uses a strict interpretation of the redirect uri, and adds the ?shop= param by itself.

Some possible solutions:

  • Relax the strict checking on the Shopify API end
  • Version lock omniauth-oauth2 to 1.3.x
  • Find out what changed in 1.4.x and override the redirect_uri generation

Other provider-specific omniauth gems are having trouble with this, as well: omniauth/omniauth-oauth2#81

Seems like this gem will either need to lock omniauth-oauth2 to ~> 1.3.1 in their gemspec, or add a fix.

buggy commented

You can set callback_url when configuring the shopify provider in Omniauth.

Thanks!
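A sketch of the mismatch reported in this thread and of the effect of pinning callback_url, added here as an example; it is not code from the issue, from omniauth-oauth2 or from omniauth-shopify-oauth2. The helper names, the sample URLs and the use of exact string comparison to stand in for Shopify's strict redirect_uri check are assumptions.

```ruby
require "uri"

# Constructed sample values (assumptions, not taken from a real app).
REGISTERED_REDIRECT_URI = "https://example.com/auth/shopify/callback"
LOGIN_REQUEST = "https://example.com/auth/shopify?shop=myshop.myshopify.com"

# Hypothetical helper: derive the redirect_uri from the incoming request.
# include_query: true models the 1.4.x behaviour reported above, where the
# request's query string ends up appended to the callback URL.
def derived_callback_url(request_url, include_query:)
  uri = URI.parse(request_url)
  base = "#{uri.scheme}://#{uri.host}/auth/shopify/callback"
  include_query && uri.query ? "#{base}?#{uri.query}" : base
end

# Hypothetical helper: a configured callback_url wins over the derived one,
# which is the effect of the option suggested in the thread.
def effective_redirect_uri(request_url, include_query:, callback_url: nil)
  callback_url || derived_callback_url(request_url, include_query: include_query)
end

# Assumption: the strict check is an exact string comparison against the
# registered value, so any extra query parameter is a mismatch.
def strict_match?(registered, presented)
  registered == presented
end

# True when the redirect_uri sent to the provider passes the strict check.
def handshake_ok?(request_url, include_query:, callback_url: nil)
  presented = effective_redirect_uri(request_url,
                                     include_query: include_query,
                                     callback_url: callback_url)
  strict_match?(REGISTERED_REDIRECT_URI, presented)
end

if __FILE__ == $PROGRAM_NAME
  puts "1.3.x-style (no query):  #{handshake_ok?(LOGIN_REQUEST, include_query: false)}"
  puts "1.4.x-style (query kept): #{handshake_ok?(LOGIN_REQUEST, include_query: true)}"
  puts "1.4.x-style + pinned callback_url: " \
       "#{handshake_ok?(LOGIN_REQUEST, include_query: true,
                        callback_url: REGISTERED_REDIRECT_URI)}"
end
```

Pinning the value on the client keeps the provider's strict comparison intact, so the fix does not depend on loosening redirect_uri validation.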