omniauth / omniauth-oauth2

An abstract OAuth2 strategy for OmniAuth.

omniauth/omniauth-oauth2 Issues

CVE-2020-36599 (Critical), CVE-2015-9284 (High)
Updated 19 days ago1
Keeping Github Releases in sync with gem releases?
Closed 4 months ago4
Implementing omniauth strategy for authorization code grant
Updated 7 months ago3
Coveralls check is failing
Closed 10 months ago
redirect_uri parameter given to authorization endpoint is not identical to the one given to the token endpoint
Updated a year ago19
NoMethodError (undefined method `expired?' for nil:NilClass)
Updated a year ago6
CSRF Detected - When changing Subdomain to 'app' instead of 'www'
Closed a year ago1
request.env['omniauth.origin'] always nil
Updated 2 years ago1
Refresh token is not read if expires_in or expires_at is not present
Updated 2 years ago5
Error when no refresh_token is available
Closed 2 years ago1
Duplicate redirect_uri in Callback phase
Updated 2 years ago
I get the response that I need but its considered as authentication Failure
Updated 2 years ago7
Invalid JWT token type (invalid_credentials: OAuth2::Error)
Updated 2 years ago5
omniauth: (google_login) Authentication failure! csrf_detected (only Safari)
Updated 2 years ago16
@agrobbin @sferik Could you review this, if you still have an interest in the issue?
Updated 2 years ago1
Well, seems it's working now after I upgrade to the latest version. The state parameter can be parsed as I expect.
Updated 2 years ago2
state parameter change to hashing code.
Closed 2 years ago2
Possible issue with mirroring back the query params that were passed from authorization server
Updated 3 years ago5
How do I fix the Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected ?
Closed 3 years ago4
authorize url controller redirects using 302 instead of 307
Updated 3 years ago
undefined method `expired?' for nil:NilClass
Updated 3 years ago2
Version incompatibility with later versions of Faraday
Closed 3 years ago2
PKCE Support
Closed 4 years ago1
http call and response leading to invalid_credentials error with familysearch strategy
Updated 4 years ago2
Update omniauth from 1.9 for security reasons
Closed 5 years ago3
Always provide refresh token, whether access token expires or not
Updated 6 years ago
Custom Strategy - OmniAuth::NoSessionError
Updated 6 years ago
oauth2 dependency v2.0 and looking for additional maitainers
Updated 6 years ago
Got an error on `deep_symbolize` after authentication
Updated 6 years ago
Where Does The Subclass Go?
Updated 6 years ago1
After a successful login if I go back in browser I get CSRF detected error
Updated 6 years ago2
Faraday::ConnectionFailed execution expired
Closed 6 years ago3
Support for gem is stopped
Closed 7 years ago1
Find a better way to cooperate with 3rd party omniauth oauth2 provider gems
Closed 7 years ago2
1.4.0 makes my rails app unable to sign in with facebook
Closed 7 years ago41
CSRF protection bypassed.
Updated 7 years ago1
Documentation fot Posting with the access token
Closed 7 years ago1
Support rails 5
Closed 7 years ago2
Redirect URI Required not Optional
Updated 8 years ago
Compatibility with omniauth >=1.3?
Closed 8 years ago2
undefined method `bytesize' for Hash
Closed 8 years ago1
Invalid redirect_uri with load_balance. Force domain.
Updated 8 years ago
handling invalid_grant errors
Updated 8 years ago
Is there a way to change url param `client_id` -> 'app_id'?
Updated 9 years ago
Default Safari 8.0+ settings ignore cookies on redirect which breaks CSRF validation
Updated 9 years ago7
In production, authentication fails with no errors (possibly CSRF problem)
Closed 9 years ago8
Really weird CSRF issue...
Updated 9 years ago
Add authorization header to get access token request
Closed 9 years ago1
Increasing uncertainty in my Strategy
Closed 9 years ago
Removal of Faraday dependency breaks error handling
Updated 9 years ago1