omniauth-slack icon indicating copy to clipboard operation
omniauth-slack copied to clipboard

Published 20 hours ago verified publisher icon ginjo

Auth hash in new version

Open richardonrails opened this issue 4 years ago • 2 comments

I'm working on something new and have been playing with this gem before and after this 2.5.0 update

I see now the Auth hash is pretty barebones:

The omniauth-slack gem will now copy the access-token hash to the AuthHash info section, but it will no longer be mapping specific data points from the access-token to specific fields in the AuthHash info section (other than info fields that are 'required' by the OmniAuth::AuthHash schema spec).

Some misc feedback/questions:

  • I think it'd be helpful to provide (at least in documentation) an implementation that fills out the simple info fields listed here even if not required, such as email, nickname, first_name, last_name of the user.
  • I'm a bit confused why you're including the access token in the info section? Is that typical in OmniAuth (I've never worked with other providers before) but it seems surprising based on my reading of schema since there's a separate section for credentials and raw_info already. And even if you don't include the Access Token object in info, it's still available via request.env['omniauth.strategy'].access_token already, right?
  • This is more of a general OmniAuth question, but -- is it "normal" to put extra fields into the info section of the Auth Hash, or is it best practice to have the info section only contains fields listed in schema and to put everything else in extra?

In my case I'm trying to allow Sign in with Slack but also grabbing/storing some additional information about their team from users.list. Slightly confused regarding putting e.g. my users.list API call in the Strategy, the OmniauthCallbacksController, or User.from_omniauth. Also trying to plan for other providers besides Slack. This is what made me think it was odd to put non-standard fields in the info section of AuthHash, but I'm not sure.

richardonrails avatar Aug 22 '20 11:08 richardonrails

With how the gem is in 2.5.0, I think you also need to remove the entire skip_info section of the README, as it appears that option is no longer used at all. https://github.com/ginjo/omniauth-slack/tree/master#skip_info-boolean

richardonrails avatar Aug 22 '20 19:08 richardonrails

@richardonrails @ginjo finding myself in a similar scenario after an upgrade to 2.5.0.

At the moment I can only gain access to the user email address through:

env['omniauth.strategy'].access_token.authed_user.get('/api/users.identity').parsed

Any advice on a better way to access the authorizing user's email? I like the new approach to the flexible, progressive info hash in principle, but I'm a little lost as to how to use it.

Am I doing this right? Or am I missing something?

SirRawlins avatar Feb 15 '22 18:02 SirRawlins