feat: make nonce handling configurable #111

Open
wants to merge 3 commits into
base: master


@bvogel bvogel commented Dec 21, 2023

This PR will introduce an individual handling of the nonce validation that is significantly hindered by Apple using a POST callback.

Added specs, README too.

fixes #102 and
fixes #103

Just reopening #107 with an additional fix.

See all discussion over there.

@bvogel bvogel changed the title from "Fix: apple session handling" to "feat: make nonce handling configurable" Dec 21, 2023
btalbot (Contributor) commented Dec 21, 2023

OmniAuth and its plugins are Rack middleware and do not require Rails. I see that there are some Rails-specific extensions being used in this PR which will break when Rails is not available.

bvogel (Author) commented Dec 24, 2023

@btalbot Thanks for pointing that out. I'll look into ways to interact with cookies without the Rails intermediate layer. But as the Rails dependency is only required in testing, would it be fine to keep it as a dev dependency only?

btalbot (Contributor) commented Dec 26, 2023

Seems like the best way to ensure that Rails extensions are not present is to not include them in any dependency; otherwise, how can you be sure?
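
One way to carry a nonce across Apple's POST callback using only the Rack env and no Rails cookie helpers (an added example, not code from this PR or the gem). It assumes the id_token signature has already been verified; the cookie name and all helpers are hypothetical, and the cookie is marked `SameSite=None; Secure` because browsers omit `SameSite=Lax` cookies from cross-site POSTs.

```ruby
require "securerandom"

# Added illustration; NONCE_COOKIE and the helpers below are hypothetical names.
NONCE_COOKIE = "oidc_nonce"

# Request phase: returns [nonce, Set-Cookie value]. SameSite=None (which
# requires Secure) lets the browser attach the cookie to the cross-site POST.
def issue_nonce_cookie(max_age: 300)
  nonce = SecureRandom.urlsafe_base64(32)
  attrs = "Path=/; Max-Age=#{max_age}; Secure; HttpOnly; SameSite=None"
  [nonce, "#{NONCE_COOKIE}=#{nonce}; #{attrs}"]
end

# Parse the raw Cookie request header (env["HTTP_COOKIE"]) without Rack or Rails.
def parse_cookie_header(raw)
  raw.to_s.split(/;\s*/).each_with_object({}) do |pair, out|
    name, value = pair.split("=", 2)
    out[name] ||= value if name && value
  end
end

# Constant-time comparison; strings of different length never match.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: claims is the already-verified id_token payload (assumption).
# A missing cookie or a missing nonce claim fails closed.
def nonce_valid?(env, claims)
  expected = parse_cookie_header(env["HTTP_COOKIE"])[NONCE_COOKIE]
  actual = claims["nonce"]
  return false if expected.to_s.empty? || !actual.is_a?(String)
  secure_compare(expected, actual)
end

# Constructed sample requests, not captured traffic.
nonce, set_cookie = issue_nonce_cookie
with_cookie = { "REQUEST_METHOD" => "POST",
                "HTTP_COOKIE" => "theme=dark; #{NONCE_COOKIE}=#{nonce}" }
without_cookie = { "REQUEST_METHOD" => "POST" } # cookie dropped by the browser
puts set_cookie
puts nonce_valid?(with_cookie, { "nonce" => nonce })
puts nonce_valid?(without_cookie, { "nonce" => nonce })
```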

erkie commented Jan 9, 2024

@bvogel Thanks for your work on this. Spent 2 hours trying to debug this issue and finally found this. I hope this gets merged 🙏

yshmarov commented Jun 29, 2024

Works for me!

Currently I see no way to effectively use the gem without this addition.

Successfully merging this pull request may close these issues.

- Getting error as id_token_claims_invalid | nonce invalid
- nonce is optional in callback
4 participants