Open nevans opened 1 year ago
+1 I would also like this feature.
Can confirm the monkey patch works to enable deleting redirect_uri from client_options.
class OmniAuth::Strategies::OpenIDConnect
def redirect_uri
full_host + callback_path
end
end
To match the omniauth-oauth2 gem and the gems that subclass it, and to simplify valid provider configuration, the
redirect_uri
should be automatically configured to "callback_uri". To maintain backward compatibility (and allow customization) it would only be set when missing, and never override an explicit configuration.Although RFC-6749 considers
redirect_uri
to be optional, the OIDC Core spec marks it as required. So there's really no circumstance it should not be sent to the authorization endpoint (which is what happens if it isn't explicitly configured).What do you think? Would a PR that does this be accepted?