Comments (10)
mathieuprog
commented on September 27, 2024
For anyone who might need this, kinda obvious but in the meanwhile this can be done:
plug :check_if_known_provider when action in [:request]
plug Ueberauth
@known_providers ~w(google)
def check_if_known_provider(conn, _params) do
provider = Map.fetch!(conn.params, "provider")
if provider in @known_providers do
conn
else
conn
|> send_resp(400, "")
|> halt()
end
endfrom ueberauth.
yordis
commented on September 27, 2024
I couldn't replicate the issue: #191
from ueberauth.
fuelen
commented on September 27, 2024
@yordis I think that's because all routes in the test router are defined explicitly, while we use this
scope "/auth", MyApp do
pipe_through :browser
get "/:provider", AuthController, :request
get "/:provider/callback", AuthController, :callback
endcopied from ueberauth_google README
from ueberauth.
Hajto
commented on September 27, 2024
#193
Here is my proposed solution to the problem. It sets the error that can be handled in the the user callback and presets the status.
The question is:
- Do we remove the status set?
- Should we halt the connection?
This boils down to two solutions:
- Should we leave this error to be handled by the user?
- Should it always return 404?
Imo the visual way of handling this will depend on the application so I think I should remove the status and let the user handle the error however the library user wants.
from ueberauth.
fuelen
commented on September 27, 2024
I'd suggest raising an exception which implements Plug.Exception protocol, where the status is specified as 404.
In this case application will render a developer-defined error page.
from ueberauth.
Hajto
commented on September 27, 2024
That is a lovely idea, I will try to incorporate it.
from ueberauth.
Hajto
commented on September 27, 2024
from ueberauth.
Hajto
commented on September 27, 2024
I did push the proposal. Once it gets traction and gets approved I will write proper tests for this scenario.
from ueberauth.
fuelen
commented on September 27, 2024
@yordis sorry, but commit with the test you've merged doesn't solve the issue. It tests the following line
ueberauth/test/support/spec_router.ex
Line 44 in 7b1aaba
and not the code I've mentioned above:
get "/:provider", AuthController, :requestfrom ueberauth.
yordis
commented on September 27, 2024
@fuelen I understand that it doesn't solve your problem, but that test failed with the changes that broke some people production code (which is the reason why I merged).
Another word, I am not proving that your situation is resolved.
from ueberauth.
Related Issues (20)
- OAuth2 needs new maintainers HOT 4
- State nonce cookie should properly be signed HOT 2
- How can run Ueberauth plug directly? HOT 3
- Custom `callback_port` and `callback_scheme` not used HOT 1
- Callback URL not mounted right when router has nested paths
- Can't set strategy options at runtime HOT 2
- Line Login v2.1 update request which I've done HOT 4
- callback_port config compiled into plug at compile time HOT 10
- App.Auth.AuthController.request/2 is undefined or private HOT 1
- minor: mix package versions are out of date
- New hex.pm release? HOT 1
- Incorrect callback_url when using Bandit.PhoenixAdapter
- put_session successful, but get_session failed HOT 1
- function MyAppWeb.OAuthController.request/2 is undefined or private HOT 1
- Support for nonces HOT 1
- FR: Support multiple usages of the same strategy in config HOT 13
- Incomplete docs to configure pipeline and check that user is authenticated HOT 3
- Latest release breaks existing paths HOT 6
- Latest version is retired HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ueberauth.