omniauth / omniauth_openid_connect

MIT License

Automatically set (and send?) redirect_uri #136

Open nevans opened 1 year ago

nevans commented 1 year ago

To match the omniauth-oauth2 gem and the gems that subclass it, and to simplify valid provider configuration, the redirect_uri should be automatically configured to "callback_uri". To maintain backward compatibility (and allow customization) it would only be set when missing, and never override an explicit configuration.

Although RFC-6749 considers redirect_uri to be optional, the OIDC Core spec marks it as required. So there's really no circumstance it should not be sent to the authorization endpoint (which is what happens if it isn't explicitly configured).

What do you think? Would a PR that does this be accepted?

lfdebrux commented 1 year ago

+1 I would also like this feature.

exciton commented 1 year ago

Can confirm the monkey patch works to enable deleting redirect_uri from client_options.

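```ruby
# Monkey patch: reopen the strategy so redirect_uri is derived from the
# current request (host + callback path) instead of client_options.
class OmniAuth::Strategies::OpenIDConnect
  def redirect_uri
    full_host + callback_path
  end
end
```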
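
The behaviour proposed in this issue (use the callback URL only when `redirect_uri` is missing, never override an explicit value, and always send it to the authorization endpoint), as an added sketch that is not code from the gem or from any commenter. The `RedirectUriDefault` module, the plain Hash standing in for `client_options`, and the example hosts are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical helper (not part of omniauth_openid_connect): resolves the
# redirect_uri as proposed in the issue and builds the authorization request.
module RedirectUriDefault
  module_function

  # Explicit configuration always wins; the callback URL is only a fallback.
  def resolve(client_options, full_host:, callback_path:)
    explicit = client_options[:redirect_uri].to_s.strip
    return explicit unless explicit.empty?

    derived = URI.parse(full_host.to_s + callback_path.to_s)
    # An empty or relative full_host would yield a value the provider cannot
    # match against its registered redirect URIs, so fail before redirecting.
    unless derived.is_a?(URI::HTTP) && derived.host
      raise ArgumentError, "cannot derive an absolute redirect_uri from #{full_host.inspect}"
    end
    derived.to_s
  end

  # OIDC Core requires redirect_uri in the authentication request, so it is
  # always part of the query string, configured or derived.
  def authorization_url(endpoint, client_options, state:, nonce:, **request)
    query = {
      response_type: 'code',
      scope: 'openid',
      client_id: client_options.fetch(:identifier),
      redirect_uri: resolve(client_options, **request),
      state: state,
      nonce: nonce
    }
    "#{endpoint}?#{URI.encode_www_form(query)}"
  end
end

# Constructed sample values.
request = { full_host: 'https://app.example.com', callback_path: '/auth/openid_connect/callback' }
implicit = { identifier: 'client-123' }
explicit = implicit.merge(redirect_uri: 'https://app.example.com/custom/callback')

puts RedirectUriDefault.authorization_url('https://idp.example.com/authorize', implicit,
                                          state: 's1', nonce: 'n1', **request)
puts RedirectUriDefault.resolve(explicit, **request)
```

Because the fallback is built from the request's host, the derived value only works when it exactly matches a redirect URI registered with the provider.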