Open ZenCocoon opened 12 years ago
Hi,
A few days ago, a security update was made to omniauth-oauth2; it uses the :state parameter to mitigate CSRF. https://github.com/intridea/omniauth-oauth2/pull/18
However, it seems that devise_oauth2_providable doesn't handle this parameter as expected, as it doesn't send it back in the callback.
A similar issue seems to be faced at https://github.com/intridea/omniauth-oauth2/issues/20
+1 to this. Would love to see a fix.
:+1:
Anyone having time to make a pull request?
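The round trip this issue is about, as an added example that is not code from omniauth-oauth2 or devise_oauth2_providable: the client stores a random state, the provider has to echo it unchanged in the callback, and the client rejects a callback whose state is missing or different. The function names, the `oauth_state` session key and the URLs used with it are assumptions made for illustration.

```ruby
require "securerandom"
require "uri"

# Client side: create an unguessable state value, keep it in the user's
# session (hypothetical key "oauth_state") and send it with the request.
def start_authorization(session, authorize_endpoint, client_id, redirect_uri)
  session["oauth_state"] = SecureRandom.hex(24)
  query = URI.encode_www_form(
    response_type: "code", client_id: client_id,
    redirect_uri: redirect_uri, state: session["oauth_state"]
  )
  "#{authorize_endpoint}?#{query}"
end

# Provider side: build the redirect back to the client. The state value from
# the authorization request is echoed unchanged next to the code.
# echo_state: false models a provider that drops the parameter.
def provider_callback_url(authorize_url, code, echo_state: true)
  params = URI.decode_www_form(URI(authorize_url).query).to_h
  callback = URI(params.fetch("redirect_uri"))
  out = URI.decode_www_form(callback.query.to_s) << ["code", code]
  out << ["state", params["state"]] if echo_state && params["state"]
  callback.query = URI.encode_www_form(out)
  callback.to_s
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Client side: accept the callback only if state matches the session value.
# The stored value is deleted first, so each state is single use.
def callback_valid?(session, callback_url)
  expected = session.delete("oauth_state")
  returned = URI.decode_www_form(URI(callback_url).query.to_s).to_h["state"]
  return false if expected.nil? || returned.nil? || returned.empty?
  secure_equal?(expected, returned)
end
```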