omniauth_openid_connect icon indicating copy to clipboard operation
omniauth_openid_connect copied to clipboard

Published 20 hours ago verified publisher icon omniauth

Automatically set (and send?) redirect_uri

Open nevans opened this issue 2 years ago • 2 comments

To match the omniauth-oauth2 gem and the gems that subclass it, and to simplify valid provider configuration, the redirect_uri should be automatically configured to "callback_uri". To maintain backward compatibility (and allow customization) it would only be set when missing, and never override an explicit configuration.

Although RFC-6749 considers redirect_uri to be optional, the OIDC Core spec marks it as required. So there's really no circumstance it should not be sent to the authorization endpoint (which is what happens if it isn't explicitly configured).

What do you think? Would a PR that does this be accepted?

nevans avatar Nov 30 '22 15:11 nevans

+1 I would also like this feature.

lfdebrux avatar Jun 30 '23 10:06 lfdebrux

Can confirm the monkey patch works to enable deleting redirect_uri from client_options.

class OmniAuth::Strategies::OpenIDConnect
  def redirect_uri
    full_host + callback_path
  end
end

exciton avatar Sep 07 '23 06:09 exciton