Giter Club home page Giter Club logo

Comments (10)

nov avatar nov commented on August 16, 2024 2

set SameSite=none instead of redirect.

from omniauth-apple.

Meat-Chopper avatar Meat-Chopper commented on August 16, 2024 1

It reproduces if you store session in cookies.
Chrome browser doesn't send cookies on POST request from the Apple's site, so a new session is created by default.
A workaround is implemented in the link above:
1 Prevented the creation of a new session on a POST request
2 Redirected request to be sent to the same location with the same parameters. Since there is a GET request after the redirect, Chrome includes cookies in the request.

from omniauth-apple.

Meat-Chopper avatar Meat-Chopper commented on August 16, 2024 1

Just monkeypatch class OmniAuth::Strategies::Apple with the method callback_phase from the link

from omniauth-apple.

Meat-Chopper avatar Meat-Chopper commented on August 16, 2024 1

I'd prefer it to be merged into this gem, but it's up to maintainers.

from omniauth-apple.

Meat-Chopper avatar Meat-Chopper commented on August 16, 2024

Try this https://github.com/discourse/discourse-apple-auth/blob/40ef076fa744d562ce54f3f30921a1b387e042fb/lib/omniauth_apple.rb#L60

from omniauth-apple.

hoffdog avatar hoffdog commented on August 16, 2024

What causes this error?

from omniauth-apple.

vasaf avatar vasaf commented on August 16, 2024

Try this https://github.com/discourse/discourse-apple-auth/blob/40ef076fa744d562ce54f3f30921a1b387e042fb/lib/omniauth_apple.rb#L60

Where should I be implementing this solution? Bit stuck on this one..

from omniauth-apple.

vasaf avatar vasaf commented on August 16, 2024

Just monkeypatch class OmniAuth::Strategies::Apple with the method callback_phase from the link

Thanks! that did the trick

from omniauth-apple.

hoffdog avatar hoffdog commented on August 16, 2024

Thank you for all your work!

from omniauth-apple.

salzig avatar salzig commented on August 16, 2024

Instead of opening up the session to potential security risks, we may merge #107 and allow the nonce to be stored in its own encypted cookie?

from omniauth-apple.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.