TechQA.

how to add state param for Uberauth in Elixir

600 views Asked by At

During oAuth process it's good to set state param to authorize url for security. When I checked Überauth Shopify https://github.com/kodehort/ueberauth_shopify/blob/master/lib/ueberauth/strategy/shopify.ex#L88 it is sent to shopify.

But I don't understand how I need to set this state param in my Phoenix application that Shopify would get it. Any suggestions?

elixir phoenix-framework omniauth ueberauth
Original Q&A
2

There are 2 answers

2
Jonas Dellinger On BEST ANSWER

You supply state in the URL you're passing to Ueberauth (In the same way, scopes are passed as well)

Depending on your router setup, with the default being:

pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end

you supply scopes and state by redirecting your user to the specified auth URL:

/auth/shopify?scopes=read_orders%20read_products&state=yourSuperSecretState

or without any scopes:

/auth/shopify?state=yourSuperSecretState

0
Kevin Johnson On

Since recent, Ueberauth auto-sets and checks it for you by default, to protect you from CSRF.

Related Questions in ELIXIR

Related Questions in PHOENIX-FRAMEWORK

Related Questions in OMNIAUTH

Related Questions in UEBERAUTH

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions