Closed kswope closed 4 years ago
On second through I'm closing this because its not such a big deal.
Here is why. Ally lets you specify an unique callback url for each driver in config/services.js
For example
config/services.js ( note redirectUri )
'google': {
'clientId': Env.getOrFail('GOOGLE_CLIENT_ID'),
'clientSecret': Env.getOrFail('GOOGLE_CLIENT_SECRET'),
'redirectUri': `${Env.get('APP_URL')}/auth/google/callback`
},
start/routes.js ( note :provider in each route )
Route.get('/auth/:provider/callback', 'UserController.allyCallback').middleware('guest');
Route.get('/auth/:provider', 'UserController.allyRedirect').middleware('guest');
UserController.js ( note params.provider )
async allyRedirect ({ally, params}) {
await ally.driver(params.provider).redirect();
}
async allyCallback ({ally, params, request}) {
const user = await ally.driver(params.provider).getUser();
return {'ok': true};
}
The only variation between providers now is putting the unique callback in the authorized urls at each providers website.
For example, up at https://console.developers.google.com, in the Authorized redirect URIs section, I had to add
https://mydomain.com/auth/google/callback
http://localhost:3000/auth/google/callback
In every Oauth library I've used (passport, omniauth, Ueberauth) the provider could be returned from the query. I think its passed through the oauth2 state parameter.
The most important reason for this that the callback handler can be generic and handle all provider redirects, which in turn means you can register the same callback at all providers. Currently not only do I have to create an unique callback for each provider but I also have to register the unique callbacks at all providers.