multiple oauth providers won't work at the same time #1
Comments
|
As I see it, the authenticate! method of service A shouldn't be called at all when you are authenticating via the service B. This should be avoided on the valid? method. As I see this is not being covered on the specs nor on the code. We will have to do this:
The way we are going to do this is:
Probably we could use the same warden_oauth_provider parameter and dish the oauth_token verification from the valid? method altogether. Something like: def valid? (params.include?('warden_oauth_provider') && params['warden_oauth_provider'] == config.provider_name.to_s) end #... def authenticate! load_request_token_from_session #... else end #... def request_token host_with_port = Warden::OAuth::Utils.host_with_port(request) @request_token ||= consumer.get_request_token({:oauth_callback => host_with_port}, :warden_oauth_provider => config.provider_name.to_s) end |
(As noted by Steven Parkes)
I'm using warden_oauth against both twitter and linkedin (in the context for devise, if that matters).
The problem I'm coming up against is that when I get the redirect back from the oauth provider, it again goes through all the strategies. The authenticate! for each strategy sees that it has the right URL parameter and goes on to do the find_user_by_access_token. But if the auth is through the second provider, this is wrong when checking the first provider, and it errors out because it's getting the wrong token.
Does that makes sense? The summary is that multiple oauth strategies have to be able to differentiate themselves.
Not sure the best way to do this. I could have different callback URLs, but that's getting overridden in #request_token right now.
I can hack it, but I'm wondering what you thought the best approach would be.
The text was updated successfully, but these errors were encountered: