omniauth-gplus
omniauth-gplus copied to clipboard
samdunne
A Google+ strategy for OmniAuth
The old `authorize_url`, `https://www.google.com/accounts/o8/oauth2/authorization`, redirects to `https://accounts.google.com/o/oauth2/auth`. The old `token_url` began 404'ing some time in the past few days-- the current recommended URL is `https://www.googleapis.com/oauth2/v4/token` (according to https://developers.google.com/identity/protocols/OpenIDConnect).
I'm trying to use gplus with devise as: ``` config.omniauth :gplus, ENV['KEY'], END['SECRET'], scope: 'plus.me' ``` But got an error after authenticating an app ``` [INFO ] GET "/users/auth/gplus" for...
The userinfo endpoint is depreciated as per google login scopes documentation: https://developers.google.com/+/api/oauth#login-scopes and https://developers.google.com/+/api/auth-migration#timetable It's not currently possible to migrate to using email & profile because the format_scope method is...
[Security issue from Hakiri](https://hakiri.io/projects/2f5f4d3489e8a7/stacks/6296616b105379/builds/d144b1e64495f2/warnings/48e6746e861c82): Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that...
It would be nice to sign up a user with minimal scope, and then just request extra scopes as they are needed, so as not to seem too invasive at...
