Commit
For some reason the omniauth_openid_connect gem wants us to supply the `redirect_uri` (the URL to redirect to after a successful OAuth2 negotiation, which in our case is the OmniAuth callback route) when the provider is configured. This is really annoying to do, and I can't see why it wouldn't be able to use the OmniAuth `callback_url` in the same way the omniauth-oauth2 gem does [[1]]. There is an open feature request for this [[2]], but it hasn't been acknowledged by the maintainers as yet. So instead we'll just monkeypatch the strategy.

[1]: https://github.com/omniauth/omniauth-oauth2/blob/3a43234ab5dd36a75f9c125c58fcfe1a37b26805/lib/omniauth/strategies/oauth2.rb#L59
[2]: omniauth/omniauth_openid_connect#136 (comment)
For what it's worth, we had some issues with Microsoft 365 when we simply aliased `redirect_uri` to `callback_url`, as is done here. Specifically, `redirect_uri` was used during the callback phase when fetching the tokens, and this implementation incorrectly inserted the query params into the `redirect_uri`. Often, sending the `redirect_uri` with token requests is not required. But if you do send it then it must match exactly. Currently, we're using the following:

Although your scenario may differ from ours.
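The mismatch described in the comment above, modelled as an added example: this is not code from the commit or from the commenter, whose snippet is not reproduced on this page. The host, callback path and helper names are assumptions, and the exact-match check stands in for the provider-side rule in RFC 6749 section 4.1.3.

```ruby
require "uri"

# Constructed sample URLs; host, paths and parameter values are assumptions.
REQUEST_PHASE_URL  = "https://app.example.test/auth/oidc"
CALLBACK_PHASE_URL = "https://app.example.test/auth/oidc/callback" \
                     "?code=SAMPLE_CODE&state=SAMPLE_STATE"
CALLBACK_PATH      = "/auth/oidc/callback"

# scheme://host[:port], omitting the port when it is the scheme default.
def origin(uri)
  port = uri.port == uri.default_port ? "" : ":#{uri.port}"
  "#{uri.scheme}://#{uri.host}#{port}"
end

# Hypothetical stand-in for aliasing redirect_uri to a callback URL that
# carries the current request's query string along with it.
def naive_redirect_uri(current_url, callback_path)
  uri = URI.parse(current_url)
  query = uri.query ? "?#{uri.query}" : ""
  "#{origin(uri)}#{callback_path}#{query}"
end

# Hypothetical stable variant: origin plus callback path only, so the value
# is the same in the request phase and in the callback phase.
def stable_redirect_uri(current_url, callback_path)
  "#{origin(URI.parse(current_url))}#{callback_path}"
end

# Model of the provider check: when redirect_uri was sent in the
# authorization request, the token request value must be identical.
def token_request_accepted?(authorization_redirect_uri, token_redirect_uri)
  authorization_redirect_uri == token_redirect_uri
end

# Compute redirect_uri in both phases with the given builder and compare.
def simulate(builder)
  at_request  = send(builder, REQUEST_PHASE_URL, CALLBACK_PATH)
  at_callback = send(builder, CALLBACK_PHASE_URL, CALLBACK_PATH)
  { at_request: at_request, at_callback: at_callback,
    accepted: token_request_accepted?(at_request, at_callback) }
end

if __FILE__ == $PROGRAM_NAME
  %i[naive_redirect_uri stable_redirect_uri].each do |builder|
    puts "#{builder}: #{simulate(builder)}"
  end
end
```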