Skip to content

Store ID token not access token for ID token in extra info#24

Closed
ryanswood wants to merge 1 commit intoomniauth:masterfrom
ryanswood:add-id-token-support
Closed

Store ID token not access token for ID token in extra info#24
ryanswood wants to merge 1 commit intoomniauth:masterfrom
ryanswood:add-id-token-support

Conversation

@ryanswood
Copy link

@ryanswood ryanswood commented Mar 15, 2022

Followup to #17 which replaces the access token with the ID token in the extra info.

This PR slightly changes the solution and includes a spec.

@ryanswood ryanswood mentioned this pull request Mar 15, 2022
Closed
@rockorequin
Copy link

rockorequin commented Apr 4, 2022

+1 for this.

Btw, should it check oauth2_access_token['id_token'] is not nil as well as oauth2_access_token?

@ryanswood
Copy link
Author

ryanswood commented Apr 6, 2022

@rockorequin

Btw, should it check oauth2_access_token['id_token'] is not nil as well as oauth2_access_token?

I am not sure though I do prefer to leave as is. It is much more clear to have the extra info hash contain the key id_token with a nil value as a way to explain the ID's absence rather than not having the key. Plus, this code has worked this way for ~5 years so it would be problematic if the key were not to exist on the next release.

@rockorequin Thoughts?

@BobbyMcWho What are the steps to get this merged? Let me know if there is anything else needed.

1 similar comment
@ryanswood
Copy link
Author

ryanswood commented Apr 6, 2022

@rockorequin

Btw, should it check oauth2_access_token['id_token'] is not nil as well as oauth2_access_token?

I am not sure though I do prefer to leave as is. It is much more clear to have the extra info hash contain the key id_token with a nil value as a way to explain the ID's absence rather than not having the key. Plus, this code has worked this way for ~5 years so it would be problematic if the key were not to exist on the next release.

@rockorequin Thoughts?

@BobbyMcWho What are the steps to get this merged? Let me know if there is anything else needed.

@rockorequin
Copy link

rockorequin commented Apr 7, 2022

@ryanswood Good points, I agree.

Also, fwiw I tested the patch and it works fine with my logout code.

Is it possible that someone might be using the access token (that is currently mislabeled as id_token)? In which case, would it be a good idea to at least add a note to the readme file saying that the id_token key now actually refers to the id_token instead of the access_token?

@BobbyMcWho
Copy link
Member

BobbyMcWho commented Apr 8, 2022

Yeah, when this gets merged it'll be a major version bump most likely since it breaks the existing expected data

@ryanswood
Copy link
Author

ryanswood commented Apr 14, 2022

@BobbyMcWho PR look good? Anything else needed? I am assuming the PR would be merged and you would bump the version and do a release?

1 similar comment
@ryanswood
Copy link
Author

ryanswood commented Apr 14, 2022

@BobbyMcWho PR look good? Anything else needed? I am assuming the PR would be merged and you would bump the version and do a release?

@BobbyMcWho BobbyMcWho mentioned this pull request Apr 14, 2022
Merged
@BobbyMcWho
Copy link
Member

BobbyMcWho commented Apr 14, 2022

@ryanswood @rockorequin please check out #25

@BobbyMcWho
Copy link
Member

BobbyMcWho commented Apr 18, 2022

I appreciate your patience on this folks, this has been released in v2.0.0. Released on rubygems.

@BobbyMcWho BobbyMcWho closed this Apr 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ryanswood @rockorequin @BobbyMcWho