Open mstahv opened 10 years ago
Yes, it seems Google requires the response address to be exactly as defined in the application settings, even for the query parameters.
Your static address solution works if there's only one oauth button in the application.
This addon uses the ?oauthpopupcallback=123 parameter to know for which button the response is. This doesn't work with Google+ and in general is not the best possible solution...
A proper OAuth2 standard solution would be to use a URI parameter named "state" in the authorization URL, i.e. https://accounts.google.com/o/oauth2/auth?client_id=XXX&response_type=token&state=123
Now Google would add the same "state" parameter to the response URL, i.e. redirect to https://mydomain.fi/oauth2callback?state=123
This would require some changes to this addon. There are also other things where this addon is not doing things properly for OAuth2, which may cause problems, e.g. different response_types. Hopefully I can implement/fix them at some point. I didn't know that much about OAuth when I created this addon... :)
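The `state` round trip described in the comment above, as an added example that is not part of the original thread or the add-on's code. It keeps the redirect address static and uses `state` to find the button that started the flow; the class and function names, the random single-use state values (instead of a counter like 123) and the 10-minute lifetime are assumptions of this sketch.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint and callback host are the ones quoted in the thread.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
REDIRECT_URI = "https://mydomain.fi/oauth2callback"  # static: must match the registered address exactly
STATE_TTL_SECONDS = 600  # assumed lifetime of a pending login


class StateRegistry:
    """Maps one-time state values to the button that started the flow (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}  # state -> (button_id, expiry time)
        self._clock = clock

    def authorization_url(self, client_id, button_id, response_type="token"):
        # An unguessable state also ties the response to this session (RFC 6749, section 10.12).
        state = secrets.token_urlsafe(32)
        self._pending[state] = (button_id, self._clock() + STATE_TTL_SECONDS)
        query = urlencode({
            "client_id": client_id,
            "response_type": response_type,
            "redirect_uri": REDIRECT_URI,  # no per-button query parameter here
            "state": state,
        })
        return f"{AUTH_ENDPOINT}?{query}"

    def resolve_callback(self, callback_url):
        """Return the button id, or None if state is missing, duplicated, unknown, reused or expired."""
        parts = urlsplit(callback_url)
        # Parameters arrive in the query string or, for response_type=token, in the fragment.
        states = (parse_qs(parts.query).get("state", [])
                  + parse_qs(parts.fragment).get("state", []))
        if len(states) != 1:
            return None
        entry = self._pending.pop(states[0], None)  # pop makes every state single use
        if entry is None:
            return None
        button_id, expires_at = entry
        return button_id if self._clock() <= expires_at else None
```
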
There is still practically only one per provider; a quick fix might be to derive it from the currently used provider?
This has been fixed with pull request #11.
The add-on doesn't work out of the box (at least not very stably) with Google OAuth2 (aka Google Plus authentication). The problem is that the response hook is dynamic (increasing number in the address).
My solution was just to make the response address static: https://github.com/mstahv/vaadin-oauthpopup/commit/b409b34624054c5357314944394f51ac24defde1
Don't know if it is a properly working generic solution, but works for me.