Comments (16)
The reason is csrf protection in omniauth-oauth2 1.1.0.
Omniauth-facebook has already updated to omniauth-oauth2 1.1.0.
simi/omniauth-facebook@c07e228
We should did the same with omniauth-vkontakte.
from omniauth-vkontakte.
Thanks!
from omniauth-vkontakte.
Currently VKontakte doesn't return state
parameter with the code so this won't work until it is fixed on VKontakte side. I wrote to their support about it yesturday, still waiting.
from omniauth-vkontakte.
http://ambivalent.ru/2012/web/oauth-vkontakte-authorisation-no-state-parameter/
from omniauth-vkontakte.
I still get this error, how we can fix it ?
from omniauth-vkontakte.
I don't know. You can still use older versions(< 1.1.0) of omniauth-oauth2.
from omniauth-vkontakte.
Here's the ticket on their support if anyone wants to monitor the issue (and if it can be called a ticket).
from omniauth-vkontakte.
This seems like a bug in Vkontakte.
It works correctly and passes parameter state, only if parameter scope include 'notify'.
from omniauth-vkontakte.
Still no news?
from omniauth-vkontakte.
my previous message
from omniauth-vkontakte.
Any news?
from omniauth-vkontakte.
Парни, как зставить работать гем, не форкая и не изменяя версии зависимостей?
from omniauth-vkontakte.
Видимо, нужно передавать notify
в параметре scope
, или вообще не задавать этот параметр (там идет notify
по умолчанию).
from omniauth-vkontakte.
Заметил, что state
стал возвращаться даже без notify
в параметре scope
. Видимо, поправили.
from omniauth-vkontakte.
@7even, спасибо за инфо
from omniauth-vkontakte.
@7even кстати да… тоже заметил...
from omniauth-vkontakte.
Related Issues (20)
- Error on callback redirect HOT 1
- Unneeded API calls
- Update gem on rubygems please HOT 2
- Нет email адреса
- Работает ли данный модуль со Standalone приложениями? HOT 2
- Could not find a strategy with name `Vkontakte'. Please ensure it is required or explicitly set it using the :strategy_class option. (Devise::OmniAuth::StrategyNotFound) HOT 1
- redirect_uri is invalid, please pass same redirect_uri, you used in authorize method HOT 5
- ERROR -- omniauth: (vkontakte) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected HOT 2
- Getting 502 on callback HOT 2
- Работа в develompent HOT 7
- Offline Access HOT 9
- invalid_credentials: OAuth2::Error, invalid_grant: Code is invalid or expired HOT 1
- Add Rubocop
- Пустой request.env['omniauth.auth'] HOT 3
- client_id is incorrect HOT 5
- Bump omniauth-oauth2 version HOT 1
- [Question] Send token straight to omniauth_callback
- иногда выскакивает NoRawData HOT 2
- Creating a gem release for omniauth-oauth2 dependency update HOT 2
- {"error":"invalid_client","error_description":"client_id is undefined"} HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from omniauth-vkontakte.