omniauth-apple icon indicating copy to clipboard operation
omniauth-apple copied to clipboard

Published 20 hours ago verified publisher icon nhosoya

feat: make nonce handling configurable

Open bvogel opened this issue 1 year ago • 5 comments

This PR will introduce a individual handling of the nonce validation that is significantly hindered by Apple with using a POST callback.

Added specs, README too.

fixes https://github.com/nhosoya/omniauth-apple/issues/102 and fixes https://github.com/nhosoya/omniauth-apple/issues/103

Just reopening #107 with an additional fix.

See all discussion over there.

bvogel avatar Dec 21 '23 16:12 bvogel

OmniAuth and its plugins are Rack middleware and do not require Rails. I see that there are some rails specific extensions being used in this PR which will break when Rails is not available.

btalbot avatar Dec 21 '23 19:12 btalbot

@btalbot Thanks for pointing that out. I'll look into ways to interact with cookies without the rails intermediate layer. But as the rails dependency is only required in testing would it be fine to keep it as dev dependency only?

bvogel avatar Dec 24 '23 12:12 bvogel

Seems like the best way to ensure that rails extensions are not present is to not include them in any dependency; otherwise, how can you be sure?

btalbot avatar Dec 26 '23 05:12 btalbot

@bvogel thanks for your work on this. spent 2 hours trying to debug this issue and finally found this. I hope this gets merged 🙏

erkie avatar Jan 09 '24 09:01 erkie

works for me!

currently I see no way to effectively use the gem without this addition

yshmarov avatar Jun 29 '24 09:06 yshmarov